-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 02 Oct 2011 14:28:25 +0200
Source: quagga
Binary: quagga quagga-doc
Architecture: source all amd64
Version: 0.99.10-1lenny6
Distribution: lenny-security
Urgency: high
Maintainer: Christian Hammers <ch@debian.org>
Changed-By: Florian Weimer <fw@deneb.enyo.de>
Description: 
 quagga     - BGP/OSPF/RIP routing daemon
 quagga-doc - documentation files for quagga
Changes: 
 quagga (0.99.10-1lenny6) lenny-security; urgency=high
 .
   * SECURITY:
     This is a backport of the security patches of Quagga 0.99.19 and 0.99.20:
     - The vulnerabilities CVE-2011-3324 and CVE-2011-3323 are related to the
       IPv6 routing protocol (OSPFv3) implemented in ospf6d daemon. Receiving
       modified Database Description and Link State Update messages,
       respectively, can result in denial of service in IPv6 routing.
     - The vulnerability CVE-2011-3325 is a denial of service vulnerability
       related to Hello message handling by the OSPF service. As Hello messages
       are used to initiate adjacencies, exploiting the vulnerability may be
       feasible from the same broadcast domain without an established adjacency.
       A malformed packet may result in denial of service in IPv4 routing.
     - The vulnerability CVE-2011-3326 results from the handling of LSA (Link
       State Advertisement) states in the OSPF service. Receiving a modified
       Link State Update message with malicious state information can result in
       denial of service in IPv4 routing.
     - The vulnerability CVE-2011-3327 is related to the extended communities
       handling in BGP messages. Receiving a malformed BGP update can result in
       a buffer overflow and disruption of IPv4 routing.
Checksums-Sha1: 
 f442cfa3c5021e8d3db54e79249206d030cc8857 1651 quagga_0.99.10-1lenny6.dsc
 f22e47a69bebdc0f7140647cabf2bcd29c36e246 55031 quagga_0.99.10-1lenny6.diff.gz
 b847edf79c24cbf4593e268c5feb75142627ad5c 661810 quagga-doc_0.99.10-1lenny6_all.deb
 123f2531ba159eacf55aaf5e70a7c0be8b9c9857 1753274 quagga_0.99.10-1lenny6_amd64.deb
Checksums-Sha256: 
 c960323156811fd9d4338511be7d05b55bffc848ac320e2abdb90353c477f001 1651 quagga_0.99.10-1lenny6.dsc
 37d0289d05ed49ac7431997c6b29381e5035d88dc3af24a43bedde5cc574f90b 55031 quagga_0.99.10-1lenny6.diff.gz
 a8de3c2f0a4024c56bf195d209f1fe436b93a6cdc0d64cff34198acae2bdec5d 661810 quagga-doc_0.99.10-1lenny6_all.deb
 899f4760d43c66fe541f3004656afbf679518952861e7d4a0f31169e103951c0 1753274 quagga_0.99.10-1lenny6_amd64.deb
Files: 
 6d89c5b3e9fab36c2fae15daea07623e 1651 net optional quagga_0.99.10-1lenny6.dsc
 892bd6b010ef6a29a2e0c8fbfbacade9 55031 net optional quagga_0.99.10-1lenny6.diff.gz
 ad3249cd12e343d64c0b5bcf09bcecc5 661810 doc optional quagga-doc_0.99.10-1lenny6_all.deb
 0abac4cf13c2488253b6cc83bbd943b6 1753274 net optional quagga_0.99.10-1lenny6_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJOi2spAAoJEL97/wQC1SS+jh0H/0i/zf68CsWAH0iVs3Z69x0w
u+O7UXdOvEcR+R/ZSCFbhwPifb9nDwiDa0dxoSieWGFm8mPgQh2gMZl5e/or7OuQ
gd1wH2GgpEyIFPKbg/KReQjyjr2QnwBhtugOPIKXQX+7GjTPc6m96lmwS8tyIwBU
CbBTNRB0yOEkPBgsI/zeF4lhEIaDuA8Deglfbwvi/6J1elOkZTqh71tN2mwy3GlQ
6zTkNXBlMLLQE3Fq1iIOZpxCY9G8AgYUCvV053bqjyWKOzqpP5QWVSHQibKAXzlD
JIeuYiQNTZnFF/EIyn5iue3d67hBMsPHn26NXsQcdjr/1v12dN84paO6CKwMwuw=
=rpmE
-----END PGP SIGNATURE-----