From ${URL} :

Common Vulnerabilities and Exposures assigned an identifier CVE-2013-6051 to the following vulnerability:

Name: CVE-2013-6051
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6051
Assigned: 20131008
Reference: http://git.savannah.gnu.org/gitweb/?p=quagga.git;a=commitdiff;h=8794e8d229dc9fe29ea31424883433d4880ef408
Reference: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730513
Reference: DEBIAN:DSA-2803
Reference: http://www.debian.org/security/2013/dsa-2803

The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.

The Portage tree currently does not contain any vulnerable version (I have checked the sources of 0.99.22.4), and we have already filed a GLSA for versions <0.99.22.4, so I will close that as fixed.

CVE-2013-6051 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6051): The bgp_attr_unknown function in bgp_attr.c in Quagga 0.99.21 does not properly initialize the total variable, which allows remote attackers to cause a denial of service (bgpd crash) via a crafted BGP update.