)]}'
{
  "log": [
    {
      "commit": "c51443f4aa6b7f0b0d6ad5409ad7d4b215092443",
      "tree": "effbe8695f7bfd0ed5261b08d5beddb66cceed64",
      "parents": [
        "78116ab6e1524815910658898620776ae5fd4d18"
      ],
      "author": {
        "name": "David Lamparter",
        "email": "equinox@opensourcerouting.org",
        "time": "Mon Jul 08 23:05:28 2013 +0200"
      },
      "committer": {
        "name": "David Lamparter",
        "email": "equinox@opensourcerouting.org",
        "time": "Sun Jul 28 16:13:10 2013 +0200"
      },
      "message": "ospfd: CVE-2013-2236, stack overrun in apiserver\n\nthe OSPF API-server (exporting the LSDB and allowing announcement of\nOpaque-LSAs) writes past the end of fixed on-stack buffers.  This leads\nto an exploitable stack overflow.\n\nFor this condition to occur, the following two conditions must be true:\n- Quagga is configured with --enable-opaque-lsa\n- ospfd is started with the \"-a\" command line option\n\nIf either of these does not hold, the relevant code is not executed and\nthe issue does not get triggered.\n\nSince the issue occurs on receiving large LSAs (larger than 1488 bytes),\nit is possible for this to happen during normal operation of a network.\nIn particular, if there is an OSPF router with a large number of\ninterfaces, the Router-LSA of that router may exceed 1488 bytes and\ntrigger this, leading to an ospfd crash.\n\nFor an attacker to exploit this, s/he must be able to inject valid LSAs\ninto the OSPF domain.  Any best-practice protection measure (using\ncrypto authentication, restricting OSPF to internal interfaces, packet\nfiltering protocol 89, etc.) will prevent exploitation.  On top of that,\nremote (not on an OSPF-speaking network segment) attackers will have\ndifficulties bringing up the adjacency needed to inject a LSA.\n\nThis patch only performs minimal changes to remove the possibility of a\nstack overrun.  The OSPF API in general is quite ugly and needs a\nrewrite.\n\nReported-by: Ricky Charlet \u003cricky.charlet@hp.com\u003e\nCc: Florian Weimer \u003cfweimer@redhat.com\u003e\nSigned-off-by: David Lamparter \u003cequinox@opensourcerouting.org\u003e\n"
    },
    {
      "commit": "837d16ccbe0fca413f8927da6a34b1e97ccada8a",
      "tree": "7aed5a517b619c03d11bf567f6a14cda6f8f5efe",
      "parents": [
        "655071f44aab42e89bcece3a93da456fdd0d913a"
      ],
      "author": {
        "name": "Balaji.G",
        "email": "balajig81@gmail.com",
        "time": "Wed Sep 26 14:09:10 2012 +0530"
      },
      "committer": {
        "name": "David Lamparter",
        "email": "equinox@opensourcerouting.org",
        "time": "Thu Oct 25 10:15:59 2012 -0700"
      },
      "message": "*: use array_size() helper macro\n\nUse the array_size() helper macro.  Replaces several instances of local\nmacros with the same definition.\n\nReviewed-by: Scott Feldman \u003csfeldma@cumulusnetworks.com\u003e\nSigned-off-by: David Lamparter \u003cequinox@opensourcerouting.org\u003e\n"
    },
    {
      "commit": "072990e22e66ed9a15261b70658dc4a8801975b5",
      "tree": "6fd4e1dcfb4d076a5c14ab148da71679b06a6322",
      "parents": [
        "8f6f78a761fc66f9668b68810a1bac032227b2d1"
      ],
      "author": {
        "name": "Paul Jakma",
        "email": "paul@quagga.net",
        "time": "Mon Apr 11 16:28:16 2011 +0100"
      },
      "committer": {
        "name": "Paul Jakma",
        "email": "paul@quagga.net",
        "time": "Wed Apr 13 15:13:33 2011 +0100"
      },
      "message": "ospf: Fix OSPF API and ospf-te LSA refreshers to match recent API change\n\n* ospf_apiserver.{c,h}: (ospf_apiserver_lsa_refresher) refreshers must now\n  return the refreshed LSA.\n* ospf_te.{c,h}: (ospf_mpls_te_lsa_refresh) ditto\n* ospf_api.c: trivial compiler warning fix\n"
    },
    {
      "commit": "393deb9bd663361e6b110d579a8b1d4c22667068",
      "tree": "e93ebf2f57bf92ff7a9cd045764b3cdbb99a07e5",
      "parents": [
        "3453a7122c1d585ad789ed0f63deb90cc5e89fae"
      ],
      "author": {
        "name": "Stephen Hemminger",
        "email": "stephen.hemminger@vyatta.com",
        "time": "Mon Aug 18 14:13:29 2008 -0700"
      },
      "committer": {
        "name": "Paul Jakma",
        "email": "paul@quagga.net",
        "time": "Fri Jun 12 17:07:49 2009 +0100"
      },
      "message": "[cleanup] Convert XMALLOC/memset to XCALLOC\n\nSimple conversion of XMALLOC/memset to XCALLOC\n"
    },
    {
      "commit": "00c290e02edd6c906b669de9f31a45d14ed8bec0",
      "tree": "5d81084291d38b18144e6f53847026d24587b400",
      "parents": [
        "89368d9f8b70fef5c196db9055bd6a7e7aaa4f36"
      ],
      "author": {
        "name": "paul",
        "email": "paul",
        "time": "Sat Nov 26 09:21:43 2005 +0000"
      },
      "committer": {
        "name": "paul",
        "email": "paul",
        "time": "Sat Nov 26 09:21:43 2005 +0000"
      },
      "message": "[c99] change gcc zero-length array to C99 flexible array declaration\n\n2005-11-26 Paul Jakma \u003cpaul.jakma@sun.com\u003e\n\n\t* buffer.c: (struct buffer_data) change gcc zero array\n\t  declaration to C99 incomplete array.\n\t* stream.h: (struct stream) same\n\t* ospf_api.c: (struct opaque_lsa) same\n"
    },
    {
      "commit": "3623814abc4df8435d2fc50697c6d7fc66f21088",
      "tree": "520bef46117e4c81956d4c1aeb23afcc339db832",
      "parents": [
        "d751f00299e0cd9be8f0e702288efe48ac1ddbca"
      ],
      "author": {
        "name": "paul",
        "email": "paul",
        "time": "Tue Oct 11 04:12:54 2005 +0000"
      },
      "committer": {
        "name": "paul",
        "email": "paul",
        "time": "Tue Oct 11 04:12:54 2005 +0000"
      },
      "message": "2005-10-11 Paul Jakma \u003cpaul.jakma@sun.com\u003e\n\n\t* ospf_api.c: sign warnings.\n\t* ospf_apiserver.c: sign warning and convert all the struct\n\t  in_addr initialisations so as not to make assumptions about\n\t  how this struct is organised, initialise the s_addr member\n\t  explicitely.\n\t* ospf_packet.c: Add const qualifier to auth_key.\n"
    },
    {
      "commit": "e84cc647f194593ebd1805422376f2a30e3e06e3",
      "tree": "1a2fcbc233df7d3c143d13fce2b19c83da63bccc",
      "parents": [
        "b9e7028fb2f626e1d345c6d52ace0567a410647f"
      ],
      "author": {
        "name": "ajs",
        "email": "ajs",
        "time": "Wed Dec 08 17:28:56 2004 +0000"
      },
      "committer": {
        "name": "ajs",
        "email": "ajs",
        "time": "Wed Dec 08 17:28:56 2004 +0000"
      },
      "message": "2004-12-08 Andrew J. Schorr \u003cajschorr@alumni.princeton.edu\u003e\n\n\t* *.c: Change level of debug messages to LOG_DEBUG.\n"
    },
    {
      "commit": "6099b3b56956322567323c11fd698b2328c6826b",
      "tree": "fa537bd0eaa9f7d824f39445eabc928db59050ca",
      "parents": [
        "ae5e24d8678f1e3a60dde58d3382c5ba73d6bb27"
      ],
      "author": {
        "name": "ajs",
        "email": "ajs",
        "time": "Sat Nov 20 02:06:59 2004 +0000"
      },
      "committer": {
        "name": "ajs",
        "email": "ajs",
        "time": "Sat Nov 20 02:06:59 2004 +0000"
      },
      "message": "2004-11-19 Andrew J. Schorr \u003cajschorr@alumni.princeton.edu\u003e\n\n\t* global: Replace strerror with safe_strerror.  And vtysh/vtysh.c\n\t  needs to include \"log.h\" to pick up the declaration.\n"
    },
    {
      "commit": "2d33f157898e50c2855cd014a9f50696dca8a77b",
      "tree": "72663785bce70ff0d6d0646e4eaf6d46b1806aad",
      "parents": [
        "f9a80b452fcfec697988d77a8309a8c62ffa6007"
      ],
      "author": {
        "name": "paul",
        "email": "paul",
        "time": "Mon Mar 17 01:10:58 2003 +0000"
      },
      "committer": {
        "name": "paul",
        "email": "paul",
        "time": "Mon Mar 17 01:10:58 2003 +0000"
      },
      "message": "Addition of OSPF-API - Amir Guindehi \u003cnospam.amir@datacore.ch\u003e\n"
    }
  ]
}