-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Jun 2026 15:30:27 +0800
Source: frr
Binary: frr frr-dbgsym frr-rpki-rtrlib frr-rpki-rtrlib-dbgsym frr-snmp frr-snmp-dbgsym
Architecture: riscv64
Version: 10.3-3+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: riscv64 Build Daemon (rv-osuosl-02) <buildd_riscv64-rv-osuosl-02@buildd.debian.org>
Changed-By: Aron Xu <aron@debian.org>
Description:
 frr        - FRRouting Internet routing protocol suite
 frr-rpki-rtrlib - FRRouting Internet routing protocol suite (BGP RPKI support)
 frr-snmp   - FRRouting Internet routing protocol suite (SNMP support)
Changes:
 frr (10.3-3+deb13u1) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Backport upstream fixes for several BGP/OSPF parsing vulnerabilities:
     - CVE-2026-37457: off-by-one out-of-bounds write in the BGP FlowSpec
       operator decoder (bgp_flowspec_op_decode).
     - CVE-2026-28532: out-of-bounds read in OSPF TE/SR Opaque LSA TLV parsing
       caused by a truncated uint16_t length accumulator.
     - CVE-2026-5107: missing length validation when parsing EVPN Type-2/3/4
       and ENCAP/VNC NLRIs.
     - CVE-2026-37458: missing martian next-hop validation in MP_REACH_NLRI.
     - CVE-2025-61099, CVE-2025-61100, CVE-2025-61101, CVE-2025-61102,
       CVE-2025-61103, CVE-2025-61104, CVE-2025-61105, CVE-2025-61106,
       CVE-2025-61107: NULL pointer dereference in ospfd when dumping Opaque
       LSAs while OSPF packet debugging is enabled.
Checksums-Sha1:
 a02a108894386b6007d58a14e9adceab9dbb16e4 15265836 frr-dbgsym_10.3-3+deb13u1_riscv64.deb
 ba7412c116a02ff311d551895c31a9ac6157286f 95508 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_riscv64.deb
 c00be4e0eab07e2a9cbcd2c24465c1113e1fbde3 35140 frr-rpki-rtrlib_10.3-3+deb13u1_riscv64.deb
 1d82d52929881b8e31349732c3b7b8472666d047 299528 frr-snmp-dbgsym_10.3-3+deb13u1_riscv64.deb
 cd3f4b2def0311d6cde249bb45b0c1e6c99d920a 75008 frr-snmp_10.3-3+deb13u1_riscv64.deb
 f8ff474db6771e30a56201c25241b26658c2a07b 11178 frr_10.3-3+deb13u1_riscv64-buildd.buildinfo
 682d4021355c58b9a382072264310797b9e09aa4 5458196 frr_10.3-3+deb13u1_riscv64.deb
Checksums-Sha256:
 40be27110825ee404985792940b1c4cc044f52251b33e8e6db08c5229fbe7596 15265836 frr-dbgsym_10.3-3+deb13u1_riscv64.deb
 bad9747888e5ed28b9aab5fef22673b252e4e2602946b063c8e0aea9ea41e070 95508 frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_riscv64.deb
 a6e96abe97b6ac65e13d8aea1303b91e82c0d78c29a030ec0c47518faaa8f91f 35140 frr-rpki-rtrlib_10.3-3+deb13u1_riscv64.deb
 0612752e96cd865c860f4f9f02881e5ca4288d7fff1984ffb5220efefa45e789 299528 frr-snmp-dbgsym_10.3-3+deb13u1_riscv64.deb
 233049e044ebbf0288ccda0c1a0c6bf19482d542cb6abeee77e3c3fe7954b491 75008 frr-snmp_10.3-3+deb13u1_riscv64.deb
 c8faad66998161b4eae38a2ecdbb0ba2415d58b92c83131083ad999b733e6b82 11178 frr_10.3-3+deb13u1_riscv64-buildd.buildinfo
 a3f2a16b0e464deba3c9487fa8f8d13918517493459470c8f074656020afe19e 5458196 frr_10.3-3+deb13u1_riscv64.deb
Files:
 639f9439230a17349ca83a3c116776cd 15265836 debug optional frr-dbgsym_10.3-3+deb13u1_riscv64.deb
 25f2d3437945fcabb034ad2138004a51 95508 debug optional frr-rpki-rtrlib-dbgsym_10.3-3+deb13u1_riscv64.deb
 5f37653269176cdf99a8149b0e3791b3 35140 net optional frr-rpki-rtrlib_10.3-3+deb13u1_riscv64.deb
 a1db621b685720ff9b81c023d3a78584 299528 debug optional frr-snmp-dbgsym_10.3-3+deb13u1_riscv64.deb
 667b63e3664d5726335d578932a37507 75008 net optional frr-snmp_10.3-3+deb13u1_riscv64.deb
 21eb1c9c7046eb1699c6d047a99a9d2e 11178 net optional frr_10.3-3+deb13u1_riscv64-buildd.buildinfo
 a821aef269db336792c2954130aeceb5 5458196 net optional frr_10.3-3+deb13u1_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/AxPdLOtOshqz3vw/Fc5EAGpa+sFAmohADwACgkQ/Fc5EAGp
a+s6gQ//VVVrKnOGUhodVUstsET+9O1xu68FxlCPWCU7Glz0RT+AaHo2l42uM3tL
Hk55A7SqFfXNe/NbT8Jz7eugEG/1g3GVGPeE9KCyQUJtkIpZqlePJa2B+i9fX8c2
zHAgLtbgGuyxnj8OX3R5g9rKOKW5Ehyj10YQ6ToeA9W+Tl1vCDvmD0WreHu2TKGw
f+F0h+C1ZaKC9H954M5OmBui7nfirjcRmdj4Fj7xKItDV3gB6L7xBBRRSRGu30P0
8wDn3IPmB+wTjvtLS5COGykWH0773+4C39SNIQRfW5eIDj3sJd0/I6yTKLv9owja
WC4nGiDel7yiP+QyvKx0B0vhro6K8LSsn+j4NhtV9vY6OxFwZFLpw5fZ8rx1fDVG
GBnCNm2bwkn8CB5vhxUOHm1ZjIczTI6VoOEcrMa3L+GpGWtAj/NvOdCcchBae4vM
ugxF9md7y/WnWtXY5QZbfbUWcQfiEvAK5SChRq33c0/szE4O3M69u+vO9055wvyp
EUtX9Hz3592MO41YxfQm8JRD9H2WNZus3sw0Em5Ecu7KQ+uvaHhtqibmCKfdFpqp
Am5uYuZ0+08ix936vYb2S25OHVhedzURIyG3jlWK0m5LqOO11mtGjo76NRrc2Wra
4YIQcbwf8m1iNtyyTL/MqyGc4tyrgp4DHi28Ga7q02qm00y06VM=
=lti4
-----END PGP SIGNATURE-----