-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: ppc64el
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-osuosl-02) <buildd_ppc64el-ppc64el-osuosl-02@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 frr        - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp   - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing
       caused by a truncated length accumulator (ospf_te_delete_te hunk adapted
       to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and
       ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque
       LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088: crashes
       and buffer overflows in OSPF Traffic Engineering / Opaque LSA parsing.
Checksums-Sha1:
 7b1d5487001087c2662893846c04a5a931edd11e 16853576 frr-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 a4719121674e593e8f8777d4b3189fd029f636d8 74252 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 e3486ee95658a21e6d448144082ebe60b389274c 28724 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_ppc64el.deb
 47447ea04f5c4a4566404d8e0394a1025250f4a2 289024 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 0685252fc0043ed0897e133f3afb0984c97deb86 67928 frr-snmp_8.4.4-1.1~deb12u2_ppc64el.deb
 d868cbaa85f460ec597b933e5416b143e8afe398 11254 frr_8.4.4-1.1~deb12u2_ppc64el-buildd.buildinfo
 e48f64ca0fc8eb7a9f23eaf42c8df3a22c1fc0f7 4169464 frr_8.4.4-1.1~deb12u2_ppc64el.deb
Checksums-Sha256:
 aa8f5925ecddf3477adff122782fdc3b020c670f7dd98db6cc4d6943d7c2d650 16853576 frr-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 b7cec20dd2767c099528dd1743497f027d9b66a3b7aa04252946ba851e99d6ac 74252 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 23727895c836df7e9ce8da9346c6be4a2a30b4d50e1da060a641cfe27476fea3 28724 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_ppc64el.deb
 7bd9beaaa20199bc016b38541623d06367dae38637845438c6165cbd3a0f8903 289024 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 915a06991217e4215ccb31eb9a6acbddcc592b6151f9a78050e3f273ba9f0e39 67928 frr-snmp_8.4.4-1.1~deb12u2_ppc64el.deb
 f39960d15ee54c58626cde53fc20b86606c9a726439bad948432b3595e480d99 11254 frr_8.4.4-1.1~deb12u2_ppc64el-buildd.buildinfo
 5124280ec54c7cc93e6e6301592b0d7d62a7b640e525a5030be9c20ae1b1a8d6 4169464 frr_8.4.4-1.1~deb12u2_ppc64el.deb
Files:
 22ea0f049ab7356172fd68ae7ef2d4d5 16853576 debug optional frr-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 d2bd0293b251e10055977dad14d62fb3 74252 debug optional frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 b6c659b856dc2e917f8025c02880933b 28724 net optional frr-rpki-rtrlib_8.4.4-1.1~deb12u2_ppc64el.deb
 dad7753c0c508c8106cdc5fde81047d1 289024 debug optional frr-snmp-dbgsym_8.4.4-1.1~deb12u2_ppc64el.deb
 5771f5d37d0e4578a8a1f416c6e24e7a 67928 net optional frr-snmp_8.4.4-1.1~deb12u2_ppc64el.deb
 23581574ba02c908a11b95f4cdec3c64 11254 net optional frr_8.4.4-1.1~deb12u2_ppc64el-buildd.buildinfo
 1ecb90481c6b721d675ed2499ac44f03 4169464 net optional frr_8.4.4-1.1~deb12u2_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE9ibmwdV9gdKNbK7oV8ucRsMTpuMFAmog+s4ACgkQV8ucRsMT
puPsRw/7BIGnToRHa7OFdnddfafcQUuVpWL0OuNCbyqT6R89uHpCJRr6k/EJPuUc
r6SxPeeMONL0iFckkG+SeM3vBnurHSPfDiThqRz4UZd6pb4zvshgIxkeL1FbDRVI
mPIQLJSu29A51xLej+bweBZe0NkETc/qzQuLD/Vzf5cWFj+0LwyZzy0j+21eWBBg
+ItFU+A+Q/5OdgRC8VeVUvN84YK8IhiP/FXk+EC5jDbPPraOnfVg4PUk5d4Ink/Y
sQU4CPTmpo2IluM5mC+ZVwBn20+/AEUxfu7A9v9HXl/EgnBIlAO3EyHkelInGhKv
+reUbKDROPcH7NqzKYK2cLtnmI7XrE87eCNhJWMK7Lb3JBrlsLhuS/xE+7o9Ylwg
yyhKHDSDVrVok9azCNddhwfmh6DHNj2WvWujD6tlNfYl89Q53hxfQUlD9OXv70Hf
1H16Qgjcw+lmm3bYHkLKbj6kmFV2aF7YrIGPj4hgVUwsnNy4dxgOegV4ZR5nXVcM
dkpQ13PW+NB8JRgPgY2xXlK3luc2kcJWvBUM57Kp5IK1S6WsjpU5g1X96M7vSXwd
533+n3w8fUbivCSSpLitvsyJXoV8V0PpzSwk11IwUvq5QE+mfN/aXVHaVJcmF3kq
Suv3fJ+ZzgxgyfntOP2THWADZTvucXw1JoLn2UIygtsiT5iz1k0=
=ooXW
-----END PGP SIGNATURE-----