On 2026/06/02 15:37, Dan Yefihmov wrote: > On June 2, 2026 1:56:57 PM GMT+03:00, Stuart Henderson <[email protected]> > wrote: > >On 2026/06/02 10:07, Bakabaka_9 wrote: > >> Tested affected: > >> > >> - BIRD 2.16.2 > >> > >> Possibly affected: > >> > >> - Other BIRD 2.x versions using the same AS_PATH mask matching > >> implementation. > >> > >> Not affected: > >> > >> - Unknown. > >> > >> Fixed version > >> ============= > >> > >> No fixed version is available at the time of this disclosure. > > > >If you've only tried one version from April 2025, how can you can say > >with certainty that it's not been fixed since then? > > > Did you really read the report carefully? It's explicitly written there that > on May 24 the maintainers clearly written they don't currently plan to fix it!
Yes, I did. That doesn't rule out things like "don't plan to fix because it's no longer an issue". (I'm not saying whether it is or not - I haven't checked - but it seems odd that someone going to the trouble of reporting the problem and requesting a CVE* wouldn't check whether it's still valid in a current version). * https://ripe92.ripe.net/programme/meeting-plan/sessions/76/T7NMB8/ has a fun alternative definition for "CVE"
