-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: armel
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: armel Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 frr        - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp   - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing
       caused by a truncated length accumulator (ospf_te_delete_te hunk adapted
       to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and
       ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque
       LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088: crashes
       and buffer overflows in OSPF Traffic Engineering / Opaque LSA parsing.
Checksums-Sha1:
 52bdbc80fa3be49f5789e34b5fb060b180fb06cc 16501908 frr-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 99afe291a78431666c2a1c3919e0ad65a29654cc 73972 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 923d005063c9701b02d5b7cd167271a48773356a 23824 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_armel.deb
 7ac34944b1d3c90816f356687a8de578ecd72c3f 283036 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 b63dd043fb9d37e802a9b13b82e67d621323068b 55208 frr-snmp_8.4.4-1.1~deb12u2_armel.deb
 a91822067653c569d42ffa71693ce1e629694e9d 11075 frr_8.4.4-1.1~deb12u2_armel-buildd.buildinfo
 b20da29f6ca2436657dce7de632596c00f6ddae9 3268092 frr_8.4.4-1.1~deb12u2_armel.deb
Checksums-Sha256:
 b3a2decffb34e78c8f63b20b966d6ac930d9395e4bfa7a47e149976058a9db77 16501908 frr-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 59f36b5adc83222d5fe58717a1ef7bf16b2cde57fc5e2e5c8bbbba65e276cd5a 73972 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 e45c52daf493d0b430b388167dd34f85792d5e07533dae24fb3b23152e0e47ec 23824 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_armel.deb
 0b7afe630a3744812f878c8778cf3e6eb3e287562be5e1a71b5d3d6ade2c5692 283036 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 6d1a2012b7bb42520554d9fa28e3a3c549e3ff1c3aad814f3d939da32ddda387 55208 frr-snmp_8.4.4-1.1~deb12u2_armel.deb
 559108633b7a37b4b1593dc713bc820123b070b18f95925945f601d0a57b932b 11075 frr_8.4.4-1.1~deb12u2_armel-buildd.buildinfo
 4073c0befde0a46d0a8edf99ec2d9d0bba381b04fb5232c299d3590fac8fa911 3268092 frr_8.4.4-1.1~deb12u2_armel.deb
Files:
 a134d904b55edaccdc6dc31fd8a088c0 16501908 debug optional frr-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 358b55f041affb0d17489658fd46c2cb 73972 debug optional frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 6d35f6ef7e8dccda73a0d1418976020c 23824 net optional frr-rpki-rtrlib_8.4.4-1.1~deb12u2_armel.deb
 6266d7eff25587458f8405c6d91c60bb 283036 debug optional frr-snmp-dbgsym_8.4.4-1.1~deb12u2_armel.deb
 edbd8ed49101b26cabffa8237bf1ca2c 55208 net optional frr-snmp_8.4.4-1.1~deb12u2_armel.deb
 f6179f3039f3bd9a29c35966a1e2bbaf 11075 net optional frr_8.4.4-1.1~deb12u2_armel-buildd.buildinfo
 934b5ed1080061c2ddf01700123f111a 3268092 net optional frr_8.4.4-1.1~deb12u2_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECx5fXZYVNP9tMtwlK1PZBedPspoFAmog+sQACgkQK1PZBedP
sppu2w/+P3KnbI3H4S0dv/SgX4h8LkZVtMppIedrxIy9asRbdkL8Z1nEjEfO4at8
QXWKhpfGZsh3mr7+Z+trjnkrWMqvqIIZHFf9873OnCF53y74gXgUIXxTSm45KMrE
sCukBAjIVGOz/6f8x4EV/fFVssd8qX9f7x3EHMfErasYM73ayiLfWIIvdZsWmKRv
tid45jhiYN/8tbUSIuS8x20h9ufH1x642AOVcJynpNRO/GIJ049b0jAntXf1JeBC
27MGrkB/OPh2T9bOndYeAjkKKj+U9vtxq/FcD1Um44XidVyph0QY/NG5lVNzAiYi
i40IAPp+Ay87VjFd//fFcU7ECWJ3+uuyRt5pOcf9jvkaDyfvE+n1waUVPC1C+6cq
fA3Xwvdzx9ASXFi68Ef0du1Q0F1Xv42kooR3gT7ciHBOG4vIdgTZEy214t3zhHbE
pKcA2mmKXV7T7r6qu0Pdrji/n471f5ehBj5unziEXGjkCUftvrZApCY1TzHflsdJ
xp1OD6u3B9wMDsShQFUX3GaZS0K4cpXgoUK7VQWAnP730Kmy/mg3PBATGHkJtACZ
SJdYGHCJAe05UCQp3t5NWXBii5Vp8fW9x1rMI+NTQ5khQFhrYAZvaGUG9zztq9VW
f+EltJeZnv+UDB6gmXWvZDXFQSbMmQNQ1NMCqecROgt1NkLXySs=
=nkHv
-----END PGP SIGNATURE-----