-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: i386
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Aron Xu
Description:
 frr        - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp   - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated length accumulator
       (ospf_te_delete_te hunk adapted to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in
       MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088:
       crashes and buffer overflows in OSPF Traffic Engineering / Opaque
       LSA parsing.