)]}'
{
  "commit": "23cd8fb7133befdb84b3a918f7b2f6147161ac6e",
  "tree": "b8ef335dcbc2051a5017aa50bc4b759882b638d2",
  "parents": [
    "a12afd5e8e57c95505d4d0166af234c7f19e9fe1"
  ],
  "author": {
    "name": "David Lamparter",
    "email": "equinox@diac24.net",
    "time": "Fri Aug 02 07:27:53 2013 +0000"
  },
  "committer": {
    "name": "David Lamparter",
    "email": "equinox@opensourcerouting.org",
    "time": "Tue Aug 06 12:41:46 2013 +0200"
  },
  "message": "ospfd: protect vs. VU#229804 (malformed Router-LSA)\n\nVU#229804 reports that, by injecting Router LSAs with the Advertising\nRouter ID different from the Link State ID, OSPF implementations can be\ntricked into retaining and using invalid information.\n\nQuagga is not vulnerable to this because it looks up Router LSAs by\n(Router-ID, LS-ID) pair.  The relevant code is in ospf_lsa.c l.3140.\nNote the double \"id\" parameter at the end.\n\nStill, we can provide an improvement here by discarding such malformed\nLSAs and providing a warning to the administrator.  While we cannot\nprevent such malformed LSAs from entering the OSPF domain, we can\ncertainly try to limit their distribution.\n\ncf. http://www.kb.cert.org/vuls/id/229804 for the vulnerability report.\nThis issue is a specification issue in the OSPF protocol that was\ndiscovered by Dr. Gabi Nakibly.\n\nReported-by: CERT Coordination Center \u003ccert@cert.org\u003e\nSigned-off-by: David Lamparter \u003cequinox@opensourcerouting.org\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "37223fbb7b8582cac824a6d8a0d4c52520d5528b",
      "old_mode": 33188,
      "old_path": "ospfd/ospf_packet.c",
      "new_id": "ab68bf0b7c3825598348a5221d1c400409523663",
      "new_mode": 33188,
      "new_path": "ospfd/ospf_packet.c"
    }
  ]
}