It is unclear looking at the upstream issue and pull requests if this affects gobgp < v4.2.0 or not. If only v4.2.0 is affected, then this CVE doesn't affect any version of gobgp in Debian.
The fix consists of two PRs: * https://github.com/osrg/gobgp/pull/3319 (included in v4.3.0) * https://github.com/osrg/gobgp/pull/3326 (not yet in a release) Mathias
signature.asc
Description: This is a digitally signed message part
