[quagga-dev 8870] Re: Backporting Quagga 0.99.19 security patches to 0.99.17?

Denis Ovsienko infrastation at yandex.ru
Tue Sep 27 13:40:42 BST 2011


27.09.2011, 02:53, "Christian Hammers" <ch at debian.org>:
> Hello
>
> For the Debian packages I would like to backport the 5 security patches
> to version 0.99.17, which we shipped with Debian 6.0 "squeeze".
>
> Can you help me finding the right GIT commits?
> Are you aware of any problems that can occur, maybe due to changes that
> were made in 0.99.18 and needed for the patch to properly function?

Hi, Christian.

The commits are in the git, annotated for each specific CVE:
http://code.quagga.net/?p=quagga.git;a=summary

The most important one is CVE-2011-3327. Please beware, that "CVE-2011-3325 part 2" _may_ cause ospfd crash (this is being investigated).

-- 
    Denis Ovsienko



More information about the Quagga-dev mailing list