Version in base suite: 7.5.1-1.1 Base version: frr_7.5.1-1.1 Target version: frr_7.5.1-1.1+deb11u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/f/frr/frr_7.5.1-1.1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/f/frr/frr_7.5.1-1.1+deb11u1.dsc changelog | 8 ++++++++ patches/CVE-2022-37032.patch | 32 ++++++++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 41 insertions(+)
diff -Nru frr-7.5.1/debian/changelog frr-7.5.1/debian/changelog
--- frr-7.5.1/debian/changelog 2021-07-11 16:15:04.000000000 +0000
+++ frr-7.5.1/debian/changelog 2023-02-24 09:14:19.000000000 +0000
@@ -1,3 +1,11 @@
+frr (7.5.1-1.1+deb11u1) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * CVE-2022-37032: out-of-bounds read in BGP daemon that could lead to
+ segmentation fault and denial of service.
+
+ -- Aron Xu Fri, 24 Feb 2023 17:14:19 +0800
+
 frr (7.5.1-1.1) unstable; urgency=medium

 * Non-maintainer upload.
diff -Nru frr-7.5.1/debian/patches/CVE-2022-37032.patch frr-7.5.1/debian/patches/CVE-2022-37032.patch
--- frr-7.5.1/debian/patches/CVE-2022-37032.patch 1970-01-01 00:00:00.000000000 +0000
+++ frr-7.5.1/debian/patches/CVE-2022-37032.patch 2023-02-24 09:14:19.000000000 +0000
@@ -0,0 +1,32 @@
+From ff6db1027f8f36df657ff2e5ea167773752537ed Mon Sep 17 00:00:00 2001
+From: Donald Sharp
+Date: Thu, 21 Jul 2022 08:11:58 -0400
+Subject: [PATCH] bgpd: Make sure hdr length is at a minimum of what is
+ expected
+
+Ensure that if the capability length specified is enough data.
+
+Signed-off-by: Donald Sharp
+---
+ bgpd/bgp_packet.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+Index: frr-7.5.1/bgpd/bgp_packet.c
+===================================================================
+--- frr-7.5.1.orig/bgpd/bgp_packet.c
++++ frr-7.5.1/bgpd/bgp_packet.c
+@@ -2191,6 +2191,14 @@ static int bgp_capability_msg_parse(stru
+ "%s CAPABILITY has action: %d, code: %u, length %u",
+ peer->host, action, hdr->code, hdr->length);
+
++ if (hdr->length < sizeof(struct capability_mp_data)) {
++ zlog_info(
++ "%pBP Capability structure is not properly filled out, expected at least %zu bytes but header length specified is %d",
++ peer, sizeof(struct capability_mp_data),
++ hdr->length);
++ return BGP_Stop;
++ }
++
+ /* Capability length check. */
+ if ((pnt + hdr->length + 3) > end) {
+ zlog_info("%s Capability length error", peer->host);
diff -Nru frr-7.5.1/debian/patches/series frr-7.5.1/debian/patches/series
--- frr-7.5.1/debian/patches/series 2021-07-11 16:15:01.000000000 +0000
+++ frr-7.5.1/debian/patches/series 2023-02-24 09:14:19.000000000 +0000
@@ -1 +1,2 @@
 0001-yang-fix-zebra-module.patch
+CVE-2022-37032.patch
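Review bot: In debian/patches/CVE-2022-37032.patch, the added `zlog_info` call formats the peer as `%pBP` with `peer`, while the context lines of the same inner hunk use `%s` with `peer->host`. `%pBP` is a printfrr extension that I believe was added to FRR after the 7.5 series; if 7.5.1 lacks it, the rejection would be logged without a usable peer name, which makes a malformed CAPABILITY message hard to attribute to a neighbor. Worth confirming against this tree's printfrr and, if needed, changing the message to start `"%s Capability structure is not properly filled out, ..."` and passing `peer->host`. The same call prints `hdr->length` with `%d` where the context line above uses `%u`. bgp_capability_msg_parse starts and ends outside the inner hunk, so whether the other error paths do more than log before `return BGP_Stop` is not visible here.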