-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: s390x
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: s390x Build Daemon (zani) <buildd_s390x-zani@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 frr        - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp   - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing
       caused by a truncated length accumulator (ospf_te_delete_te hunk adapted
       to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4 and
       ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque
       LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088: crashes
       and buffer overflows in OSPF Traffic Engineering / Opaque LSA parsing.
Checksums-Sha1:
 ccfec6d4cb430edcfd4ab33690e55ddf7d8d89ab 16607016 frr-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 b56160936be56729bd52c51e0d3ac45e32e9cdef 73204 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 d4a28e654c7d8b9fcdc8e6f5a1799b933ebf7b2a 24256 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_s390x.deb
 9ff5d2a369943c8722c715ea46876f35e442839b 284112 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 50f06dcd3a84bb0734759f20ec18cc1231d15f98 59456 frr-snmp_8.4.4-1.1~deb12u2_s390x.deb
 22066b79f6af9dfaf15dac5d2faa7be838cd9214 11105 frr_8.4.4-1.1~deb12u2_s390x-buildd.buildinfo
 3a482f6935f74c476cbdd2118d4a70a18fd76596 3562336 frr_8.4.4-1.1~deb12u2_s390x.deb
Checksums-Sha256:
 4704e1c5edd642e089d37f29a8ba59a02ab4b9e7c6383bafee2d1fc9f78a90b2 16607016 frr-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 5bfdeca439f65cda0ff79ec80be9db97f46991696c3a5c0cf28c7914cfbc27b6 73204 frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 157d06fd6c7a7cee03688edc4f7d9a13931ce77eb1378143196da8de0dd4300a 24256 frr-rpki-rtrlib_8.4.4-1.1~deb12u2_s390x.deb
 b306b9d3e4cb46cc678d5aee47724f43e8debc13382ef8d7e8539e0b3bcacc07 284112 frr-snmp-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 43b40c594be4a928b275331c7cd044543e3f4cadac7aeca2bb4228122c6c790e 59456 frr-snmp_8.4.4-1.1~deb12u2_s390x.deb
 4922243f2777337d10fc97c6e8533759ffba7c8f1fa1d2afb81436c5f2ff997c 11105 frr_8.4.4-1.1~deb12u2_s390x-buildd.buildinfo
 b8d4c4878b11b87e3a73dc5a0ea5d08c18e4cf6a351dc136478e331c9cad93fd 3562336 frr_8.4.4-1.1~deb12u2_s390x.deb
Files:
 1d3d58ad9b1c901631c214b7fe7e455e 16607016 debug optional frr-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 ea356dcd5088e29e116ab160da97fb8a 73204 debug optional frr-rpki-rtrlib-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 ff997ae3f261603a396fbc9187f4474f 24256 net optional frr-rpki-rtrlib_8.4.4-1.1~deb12u2_s390x.deb
 62fd02e012d3cdd975da54e62c27887d 284112 debug optional frr-snmp-dbgsym_8.4.4-1.1~deb12u2_s390x.deb
 67418feb764386f1cc56898e1be13d79 59456 net optional frr-snmp_8.4.4-1.1~deb12u2_s390x.deb
 68e25e8f09a41b476dbc17c07c25d49c 11105 net optional frr_8.4.4-1.1~deb12u2_s390x-buildd.buildinfo
 07554e761e04680db6f0caa7bcffdfc5 3562336 net optional frr_8.4.4-1.1~deb12u2_s390x.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEgh4msZ+e2PZfd5KckaCrxAR3BY0FAmog+vMACgkQkaCrxAR3
BY24ABAA1KGt5ZG0rrl1b1RN0gScK8NhTeufCNs962H8Nt3fMAU3Q0N349TzThyn
kMpYOkTuOaCMKYlQp2GAdSBM6WwXIdxl+Ibu7sQlchMy6CAiEpLNOKhozVySy+rZ
Nt4Wuf2TbLmHv9INaXyey62CiOg9AYg+LXKUsK5KsEQ6xLG+kD46WwUBSEh5YhiU
uajbSW+9wdjBZHbeDXN4pcCgUkdnG2fopTB6BNWQXxO5D9suzVtQlbq8cPz0GcLa
NmCEdCTuNEXBMU35nIIOPXYQ4r+0fSp/6hOkqJfx1jtRnBmiHlaslpzlDEjLF+Oi
i6rxOVPcz32xEXfNdac2+VQENkCFYBIqVpt3d5VyvLGBiGf7BNFyT+LNI8Fxujfv
09tFDjXuoq0VVT6sRUrFgu0M5QTsYEO8b0Ap2SZqvuUzp4kLLIcdYyvzilhX1lHf
pH2Ua6Cc2dyEk7itRgkvd3zT8d0HXNyKcxSTE7htPeLWSqmXp9F79yhlKWf2fs87
jrzTiHJvihQwsk2TkOuunKvKAy0cfW6yuFNMs9G1hYoiT6rgmDdY4N+IuEnZKqXf
VIKF9cOY0A83JNmidQGaBcPiE/q2/m9EQ6RjQQXaPJoJMD8gPy0yz3xomh1H96iX
4htsbGE4MLuUeYygrQVKY797gv4nF0WC2PTn+KgXLSTJ102BYUg=
=pXSQ
-----END PGP SIGNATURE-----