Package: quagga Severity: grave Tags: security Version: 0.99.21-4+wheezy1 CVE-2013-6051 was assigned to this issue. DSA is coming soon.
Best Regards -christian- On Tue, 19 Nov 2013 16:25:27 +0100 David Lamparter <equi...@opensourcerouting.org> wrote: > Note that 0.99.21 has another open issue that I don't see the fix for > in the Debian package, being > http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408 > which can crash bgpd on receiving normal, valid BGP updates. (No idea > if it's exploitable.) There is no CVE number for this, the severity > was only discovered after 0.99.22, containing the fix, was already > out. 0.99.20 is not affected.
signature.asc
Description: PGP signature
