From ripe.bahe at manchmal.in-ulm.de  Wed May 28 00:11:43 2014
From: ripe.bahe at manchmal.in-ulm.de (Christoph Biedl)
Date: Wed, 28 May 2014 00:11:43 +0200
Subject: libbgpdump overall maintenance status, and looking for a security
	contact
Message-ID: <1401227880@msgid.manchmal.in-ulm.de>

Hello,

according to the archive this list never saw much activity, and has
been completely dead the past year. So let's see whether it actually
still has readers ...

My question is, is there still anyone doing maintenance on libbgpdump?
The bug tracker has a few open issues that affect virtually every user
of that package. And there are some more, as I wrote in issue #19:

| while packaging libbgpdump for the Debian Linux distribution, I
| found a few more issues than already listed here. In the spirit of
| responsible disclosure I'd like to give you an opportinity fix the
| vulnerabilities before they are public. This should be done together
| with the at least three longstanding issues #2 (duplicates: #10,
| #13, #17, #18), #12 and #15 that can be found here.

So whoever is in charge, please get in touch with me.

    Christoph



From romeo.zwart at ripe.net  Wed May 28 09:24:10 2014
From: romeo.zwart at ripe.net (Romeo Zwart)
Date: Wed, 28 May 2014 09:24:10 +0200
Subject: libbgpdump overall maintenance status, and looking for a security
	contact
In-Reply-To: <1401227880@msgid.manchmal.in-ulm.de>
References: <1401227880@msgid.manchmal.in-ulm.de>
Message-ID: <53858F1A.9030205@ripe.net>

hi Christoph,

On 14/05/28 00:11 , Christoph Biedl wrote:
> Hello,
> 
> according to the archive this list never saw much activity, and has
> been completely dead the past year. So let's see whether it actually
> still has readers ...
>
> My question is, is there still anyone doing maintenance on libbgpdump?
> The bug tracker has a few open issues that affect virtually every user
> of that package. And there are some more, as I wrote in issue #19:
> 
> | while packaging libbgpdump for the Debian Linux distribution, I
> | found a few more issues than already listed here. In the spirit of
> | responsible disclosure I'd like to give you an opportinity fix the
> | vulnerabilities before they are public. This should be done together
> | with the at least three longstanding issues #2 (duplicates: #10,
> | #13, #17, #18), #12 and #15 that can be found here.
> 
> So whoever is in charge, please get in touch with me.

Thanks for raising this to our attention. As you will have noticed
libbgpdump is currently not actively maintained.

We will look into this and come back to you asap.

Cheers,
Romeo Zwart
RIPE NCC




> 
>     Christoph
> 
>