)]}'
{
  "commit": "2db962760426ddb9e266f9a4bc0b274584c819cc",
  "tree": "406ea2dc4196e9904ab9832a7dae548f4cdcf91d",
  "parents": [
    "405e9e19eb6ce62fa4f3f39a1f73990db9e146b7"
  ],
  "author": {
    "name": "Paul Jakma",
    "email": "paul.jakma@hpe.com",
    "time": "Mon Feb 08 14:46:28 2016 +0000"
  },
  "committer": {
    "name": "Paul Jakma",
    "email": "paul.jakma@hpe.com",
    "time": "Tue Mar 08 17:53:22 2016 +0000"
  },
  "message": "lib: zclient can overflow (struct interface) hw_addr if zebra is evil\n\n* lib/zclient.c: (zebra_interface_if_set_value) The hw_addr_len field\n  is used as trusted input to read off the hw_addr and write to the\n  INTERFACE_HWADDR_MAX sized hw_addr field.  The read from the stream is\n  bounds-checked by the stream abstraction, however the write out to the\n  heap cannot be.\n\n  Tighten the length supplied to the stream_get call that does the write.\n\n  Impact: a malicious zebra can overflow the heap of clients using the ZServ\n  IPC.  Note that zebra is already fairly trusted within Quagga.\n\nReported-by: Kostya Kortchinsky \u003ckostyak@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "9188c018328d52d1cc94d661a9b3820e2a83522e",
      "old_mode": 33188,
      "old_path": "lib/zclient.c",
      "new_id": "610008b4d03c582284a9d7107211873448ee09f0",
      "new_mode": 33188,
      "new_path": "lib/zclient.c"
    }
  ]
}
