On 09. 03. 23 5:14, William wrote:
On 09/03/2023 13:41, Robert Scheck wrote:Hello,
Hi!
with https://bugzilla.redhat.com/show_bug.cgi?id=2176483, Red Hat pointed me today to CVE-2021-26928. https://nvd.nist.gov/vuln/detail/CVE-2021-26928 contains a reference to BIRD 2.0.7, but no link related to BIRD upstream.Do you see any chance for some comments on it (at least here)? Not sure ifMITRE adds it then as references at CVE-2021-26928.I have a PDF of the Bird help documentation that I saved in 2019 (Fossies) that lists password authentication mechanisms as per RFC2385 with extra options for BSD systems. I'll defer to the Dev team on this for the final word, but someone has some crossed wires here.
Yes, this functionality was added in 1.0.12 (12 Nov 2008). So I do not understand this CVE.
Ondrej
Thank you. Regards, RobertRegards, William
OpenPGP_signature
Description: OpenPGP digital signature
