Package: pmacct Version: 1.7.2-3 The version of nfacctd shipped in Buster has a bug where it can corrupt its heap under certain external inputs of BGP extended communities.
This was reported upstream[0] and fixed with a patch[1] that trivially applies against the version in Buster. We at Wikimedia are backporting it to our installs, but this should probably be backported as a stable patch in Debian at large. Refs: [0]: https://github.com/pmacct/pmacct/issues/414 [1]: https://github.com/pmacct/pmacct/commit/9bc7a154 -- Chris Danis (he/him) Sr. Site Reliability Engineer Wikimedia Foundation
