Package "frr"

  frr (8.1-1ubuntu1.4) jammy-security; urgency=medium

  * SECURITY UPDATE: denial of service via bgp_attr_psid_sub()
    - debian/patches/CVE-2023-31490.patch: ensure stream received has
      enough data in bgpd/bgp_attr.c.
    - CVE-2023-31490

 -- Marc Deslauriers <email address hidden> Fri, 02 Jun 2023 13:56:18 -0400

  frr (8.1-1ubuntu1.3) jammy; urgency=medium

  * d/frr.postinst: don't change log ownership if the syslog user
    doesn't exist. Thanks to Alessandro Ratti
    <email address hidden> for the fix (LP: #1991812).

 -- Andreas Hasenack <email address hidden> Fri, 28 Oct 2022 11:38:34 -0300

  frr (8.1-1ubuntu1.2) jammy-security; urgency=medium

  * SECURITY UPDATE: DoS via out-of-bounds read
    - debian/patches/CVE-2022-37032.patch: make sure hdr length is at a
      minimum of what is expected in bgpd/bgp_packet.c.
    - CVE-2022-37032
  * SECURITY UPDATE: use-after-free due to a race condition
    - debian/patches/CVE-2022-37035.patch: avoid notify race between io and
      main pthreads in bgpd/bgp_io.c, bgpd/bgp_packet.c, bgpd/bgp_packet.h.
    - CVE-2022-37035

 -- Marc Deslauriers <email address hidden> Wed, 05 Oct 2022 12:35:26 -0400

  frr (8.1-1ubuntu1.1) jammy; urgency=medium

  * Fix logging with Ubuntu's unprivileged rsyslog (LP: #1958162):
    - d/frr.postinst: change log files ownership
    - d/frr.logrotate: change rotated log file ownership

 -- Andreas Hasenack <email address hidden> Tue, 19 Jul 2022 17:36:23 -0300