Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: armhf
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: armhf Build Daemon (arm-ubc-06)
Changed-By: Aron Xu
Description:
 frr - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated length accumulator (ospf_te_delete_te
       hunk adapted to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088:
       crashes and buffer overflows in OSPF Traffic Engineering / Opaque
       LSA parsing.