-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: amd64
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Aron Xu
Description:
 frr - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated length accumulator (ospf_te_delete_te
       hunk adapted to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088:
       crashes and buffer overflows in OSPF Traffic Engineering / Opaque
       LSA parsing.