Comments on CVE-2021-26928?
Ondrej Filip
feela at network.cz
Thu Mar 9 08:15:44 CET 2023
On 09. 03. 23 5:14, William wrote:
> On 09/03/2023 13:41, Robert Scheck wrote:
>> Hello,
Hi!
>>
>> with https://bugzilla.redhat.com/show_bug.cgi?id=2176483, Red Hat
>> pointed
>> me today to CVE-2021-26928.
>> https://nvd.nist.gov/vuln/detail/CVE-2021-26928
>> contains a reference to BIRD 2.0.7, but no link related to BIRD
>> upstream.
>>
>> Do you see any chance for some comments on it (at least here)? Not
>> sure if
>> MITRE adds it then as references at CVE-2021-26928.
>
> I have a PDF of the Bird help documentation that I saved in 2019
> (Fossies) that lists password authentication mechanisms as per RFC2385
> with extra options for BSD systems. I'll defer to the Dev team on
> this for the final word, but someone has some crossed wires here.
Yes, this functionality was added in 1.0.12 (12 Nov 2008). So I do not
understand this CVE.
Ondrej
>
>>
>> Thank you.
>>
>>
>> Regards,
>> Robert
>
> Regards,
> William
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 840 bytes
Desc: OpenPGP digital signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20230309/0d5a6e55/attachment.sig>
More information about the Bird-users
mailing list