gobgp (1.29-1ubuntu0.1+esm2) bionic-security; urgency=medium

  * SECURITY UPDATE: out of bounds read
    - debian/patches/CVE-2026-37461-1.patch: fix insufficient length check
      in ParseIP6Extended in pkg/packet/bgp/bgp.go.
    - debian/patches/CVE-2026-37461-2.patch: fix uint16 underflow in
      BGPUpdate.DecodeFromBytes in pkg/packet/bgp/bgp.go
    - CVE-2026-37461
  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2026-41643.patch: fix panic when AS4_PATH appears
      before AS_PATH in internal/pkg/table/message.go
    - CVE-2026-41643
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2026-7735.patch: packet/bgp: Fix AIGP PathAttribute
      parser to return errors in pkg/packet/bgp/bgp.go.
    - CVE-2026-7735
  * SECURITY UPDATE: Out of bounds read
    - debian/patches/CVE-2026-7737.patch: packet/bmp: validate ParseBody input
      length before reading fields in pkg/packet/bmp/bmp.go.
    - CVE-2026-7737
  * SECURITY UPDATE: buffer overflow
    - debian/patches/CVE-2026-7736.patch: packet/mrt: fix uint16 underflow in
      parseRibEntry path attribute loop in pkg/packet/mrt/mrt.go.
    - CVE-2026-7736

 -- Shishir Subedi <shishir.subedi@canonical.com>  Fri, 29 May 2026 14:12:01 +0545

gobgp (1.29-1ubuntu0.1+esm1) bionic-security; urgency=medium

  * SECURITY UPDATE: denial of service
    - debian/patches/CVE-2025-43970.patch: pkg/packet/mrt: fix parser to
      check the input length
    - debian/patches/CVE-2025-43972.patch: pkg/packet/bgp: fix flowspec
      parser to check the input length
    - debian/patches/CVE-2025-43973.patch: pkg/packet/rtr: fix parser to
      check the input length
    - CVE-2025-43970
    - CVE-2025-43972
    - CVE-2025-43973

 -- Shishir Subedi <shishir.subedi@canonical.com>  Fri, 18 Jul 2025 13:12:19 +0545

gobgp (1.29-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Fri, 16 Mar 2018 14:38:15 +0100

gobgp (1.28-1) unstable; urgency=medium

  * New upstream release.
  * d/patches: add patch to use old signature for uuid.NewV4().

 -- Vincent Bernat <bernat@debian.org>  Sat, 10 Feb 2018 16:30:20 +0100

gobgp (1.27-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Sat, 06 Jan 2018 14:03:21 +0100

gobgp (1.26-1) unstable; urgency=medium

  * New upstream release.
  * d/control: do not put golang-* package in golang section.
  * d/control: bump Standards-Version.
  * d/install: also ships gobmpd.

 -- Vincent Bernat <bernat@debian.org>  Tue, 12 Dec 2017 15:13:49 +0100

gobgp (1.25-1) unstable; urgency=medium

  * New upstream release.
  * d/control: switch priority to optional.
  * d/control: put golang-* package in golang section.

 -- Vincent Bernat <bernat@debian.org>  Sat, 11 Nov 2017 21:25:11 +0100

gobgp (1.24-1) unstable; urgency=medium

  * New upstream release.
  * d/control: bump Standards-Version.
  * d/control: no build-depends on dh-systemd.

 -- Vincent Bernat <bernat@debian.org>  Sat, 07 Oct 2017 08:40:52 +0200

gobgp (1.23-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Thu, 07 Sep 2017 08:04:57 +0200

gobgp (1.22-1) unstable; urgency=medium

  * New upstream release.
  * d/watch: update to take the source tarball only.
  * d/rules: install documentation before running tests.
  * d/control: bump Standards-Version.

 -- Vincent Bernat <bernat@debian.org>  Tue, 08 Aug 2017 18:17:25 +0200

gobgp (1.21-1) unstable; urgency=medium

  * New upstream release.
  * Upload to unstable.
  * Build-Depends on golang-github-sirupsen-logrus-dev (>= 0.11.0-2~) due
    to capitalization change.

 -- Vincent Bernat <bernat@debian.org>  Tue, 04 Jul 2017 10:51:54 +0200

gobgp (1.20-1) experimental; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Mon, 05 Jun 2017 06:20:42 +0200

gobgp (1.19-1) experimental; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Wed, 24 May 2017 11:09:04 +0200

gobgp (1.18-1) experimental; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Thu, 13 Apr 2017 09:40:06 +0200

gobgp (1.17-1) experimental; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Wed, 15 Mar 2017 09:09:19 +0100

gobgp (1.15-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Sun, 08 Jan 2017 17:48:49 +0100

gobgp (1.14-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Sun, 25 Dec 2016 17:27:10 +0100

gobgp (1.13-1) unstable; urgency=medium

  * New upstream release.
    - Fix FTBFS on 32-bit archs due to overflow. Closes: #840031.

 -- Vincent Bernat <bernat@debian.org>  Sun, 13 Nov 2016 18:57:54 +0100

gobgp (1.12-1) unstable; urgency=medium

  * New upstream release.
    - Fix FTBFS on i386 due to the use of syscall.SYS_SETSOCKOPT.
      Closes: #836805

 -- Vincent Bernat <bernat@debian.org>  Fri, 07 Oct 2016 18:00:12 +0200

gobgp (1.11-1) unstable; urgency=medium

  * New upstream release.

 -- Vincent Bernat <bernat@debian.org>  Sat, 17 Sep 2016 10:06:46 +0200

gobgp (1.10-1) unstable; urgency=medium

  * Initial release (Closes: #825183)

 -- Vincent Bernat <bernat@debian.org>  Fri, 02 Sep 2016 14:06:23 +0200
