CVE-2019-16159 (https://nvd.nist.gov/vuln/detail/CVE-2019-16159): BIRD Internet Routing Daemon 1.6.x through 1.6.7 and 2.x through 2.0.5 has a stack-based buffer overflow. The BGP daemon's support for RFC 8203 administrative shutdown communication messages included an incorrect logical expression when checking the validity of an input message. Sending a shutdown communication with a sufficient message length causes a four-byte overflow to occur while processing the message, where two of the overflow bytes are attacker-controlled and two are fixed.
Package has no stable ebuild.
@maintainer(s), please cleanup!
Maintainer(s), please drop the vulnerable version(s).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3b234888717bd5e3377ac77a668f2686d3b98ead commit 3b234888717bd5e3377ac77a668f2686d3b98ead Author: Aaron Bauman <bman@gentoo.org> AuthorDate: 2020-06-20 01:13:29 +0000 Commit: Aaron Bauman <bman@gentoo.org> CommitDate: 2020-06-20 01:13:29 +0000 net-misc/bird: drop vulnerable Bug: https://bugs.gentoo.org/695530 Signed-off-by: Aaron Bauman <bman@gentoo.org> net-misc/bird/Manifest | 9 ----- net-misc/bird/bird-1.6.3-r1.ebuild | 68 -------------------------------------- net-misc/bird/bird-1.6.4.ebuild | 68 -------------------------------------- net-misc/bird/bird-1.6.5.ebuild | 68 -------------------------------------- net-misc/bird/bird-1.6.6.ebuild | 68 -------------------------------------- net-misc/bird/bird-2.0.2.ebuild | 36 -------------------- net-misc/bird/bird-2.0.3.ebuild | 36 -------------------- net-misc/bird/bird-2.0.4.ebuild | 36 -------------------- net-misc/bird/bird-2.0.5.ebuild | 36 -------------------- net-misc/bird/bird-2.0.6.ebuild | 36 -------------------- 10 files changed, 461 deletions(-)
