Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: mipsel
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04)
Changed-By: Aron Xu
Description:
 frr - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated length accumulator
       (ospf_te_delete_te hunk adapted to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in
       MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088:
       crashes and buffer overflows in OSPF Traffic Engineering / Opaque
       LSA parsing.