Accepted fail2ban 0.8.4-3+squeeze3 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sat, 26 Jul 2014 10:00:00 +0200
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.4-3+squeeze3
Distribution: squeeze-lts
Urgency: high
Maintainer: Yaroslav Halchenko <debian@onerussian.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
fail2ban - bans IPs that cause multiple authentication errors
Changes:
fail2ban (0.8.4-3+squeeze3) squeeze-lts; urgency=high
.
* Use anchored failregex for filters to avoid possible DoS. Manually
picked up from the current status of 0.8 branch (as of
0.8.13-29-g09b2016):
- CVE-2013-7176: postfix.conf - anchored on the front, expects
"postfix/smtpd" prefix in the log line
- CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
refactored to have a single failregex
- couriersmtp.conf - anchored on both sides
- exim.conf - front-anchored versions picked up from exim.conf
and exim-spam.conf
- lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
(copied from the Wheezy version)
* Catch also failed logins via secured (imaps/pop3s) for cyrus-imap.
Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
Debian bug #755173
* cyrus-imap: catch "user not found" attempts
Checksums-Sha1:
51612177065fff94d68643a604564cc2e4e14254 1230 fail2ban_0.8.4-3+squeeze3.dsc
5aa2b9760c5fdbe77f04ffa7a3d4fd127a2b714c 85063 fail2ban_0.8.4.orig.tar.gz
ae97dec979f319b564dea6186db47578038356fa 33192 fail2ban_0.8.4-3+squeeze3.diff.gz
1129a7e841ae3afd0ccbce241a69edf30d55f010 98096 fail2ban_0.8.4-3+squeeze3_all.deb
Checksums-Sha256:
bf9894b0ea4846fa0ab25d44ae12303b5c2ef3762dd51a07dce8cf2ace9d1aaa 1230 fail2ban_0.8.4-3+squeeze3.dsc
186f89c43a234c124bbdf4b45d54039b1391da3ccf64f0f6314b8caf0907db5f 85063 fail2ban_0.8.4.orig.tar.gz
9bf0f8e41a07206db3e105844743b93afa7bb1b04ba63332821f92e1336cd6e4 33192 fail2ban_0.8.4-3+squeeze3.diff.gz
785d5d359ff37e63d40a845c925f6f19339201dfd873ebfd842f4ab10b5d3e2d 98096 fail2ban_0.8.4-3+squeeze3_all.deb
Files:
d7ad2e137665edfbd19c16c6bb3624ba 1230 net optional fail2ban_0.8.4-3+squeeze3.dsc
a248908e1a07cd6cd623daf6a1e03628 85063 net optional fail2ban_0.8.4.orig.tar.gz
3c688b4151cafbd1d84c337661055aa5 33192 net optional fail2ban_0.8.4-3+squeeze3.diff.gz
9a809449370133397ac4d929c81fcdbf 98096 net optional fail2ban_0.8.4-3+squeeze3_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlPTfc0ACgkQ02K2KlS5mJA8ywCglWOPrCColPtdCziZ9mEll2MO
YxAAn2buX7qhJ2m7L8joVAD1MiktZDDo
=nK/x
-----END PGP SIGNATURE-----
Reply to: