Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: arm64
Version: 8.4.4-1.1~deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: arm64 Build Daemon (arm-conova-03)
Changed-By: Aron Xu
Description:
 frr - FRRouting suite of internet protocols (BGP, OSPF, IS-IS, ...)
 frr-rpki-rtrlib - FRRouting suite - BGP RPKI support (rtrlib)
 frr-snmp - FRRouting suite - SNMP support
Changes:
 frr (8.4.4-1.1~deb12u2) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF/babeld vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder.
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV
       parsing caused by a truncated length accumulator (ospf_te_delete_te
       hunk adapted to the 8.4.4 edge-key code).
     - CVE-2026-5107: missing length validation when parsing EVPN
       Type-2/3/4 and ENCAP/VNC NLRIs (hand-ported to the 8.4.4 EVPN code).
     - CVE-2026-37458: missing martian next-hop validation in
       MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping
       Opaque LSAs while OSPF packet debugging is enabled.
     - CVE-2023-3748: infinite loop (DoS) in babeld packet parsing.
     - CVE-2024-27913, CVE-2024-31950, CVE-2024-31951, CVE-2024-34088:
       crashes and buffer overflows in OSPF Traffic Engineering / Opaque
       LSA parsing.