Accepted snort 2.3.3-2 (source i386 all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 30 Sep 2005 21:21:43 +0200
Source: snort
Binary: snort-mysql snort-doc snort-rules-default snort-common snort-pgsql snort
Architecture: source i386 all
Version: 2.3.3-2
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
snort - Flexible Network Intrusion Detection System
snort-common - Flexible Network Intrusion Detection System [common files]
snort-doc - Documentation for the Snort IDS [documentation]
snort-mysql - Flexible Network Intrusion Detection System [MySQL]
snort-pgsql - Flexible Network Intrusion Detection System [PostgreSQL]
snort-rules-default - Flexible Network Intrusion Detection System ruleset
Closes: 327791 328134 328134 330834
Changes:
snort (2.3.3-2) unstable; urgency=high
.
* Backport the following changes introduced in 2.4.1. Upstream changelog:
* src/log.c:
Fix problem in sniffer mode when incomplete TCP option data is received.
Thanks A Hernandez for the find.
(Closes: #328134)
Note: This is a "security" bug but no CVE is assigned, it is actually
something that can happen only if a Snort user willingly shoots himself
on the foot (uses ASCII logging mode) or if he uses the fast output
mode with some non-default options.
For a detailed view see:
Martin Roesch's mail "Snort DoS Fallacies" to snort-users and bugtraq:
http://marc.theaimsgroup.com/?l=bugtraq&m=112665341207363&w=2
http://marc.theaimsgroup.com/?l=snort-users&m=112657845119746&w=2
http://marc.theaimsgroup.com/?l=snort-users&m=112667020331513&w=2
http://marc.theaimsgroup.com/?l=snort-devel&m=112672013010948&w=2
and also
http://www.snort.org/pub-bin/snortnews.cgi#58
To summarise: The only recommended alert methods in a production sensor
are unified, syslog or database. And unified is The Right Way to run
a sensor (others have important performance issues under high load )
NOTE to Debian Security teams: I don't believe this bug merits a DSA
(or a DTSA for that matter)
(Closes: #328134)
* Backport the following changes introduced in 2.4.2. Upstream changelog:
* src/output-plugins/spo_log_database.c:
* schemas/create_mysql:
Fixes to address schema being a keyword in MySQL 5.0. Thanks Wes Young,
Adolfo Gomez, and Aleem Mawji for the updates.
(Closes: #327791)
* Added Swedish translation provided by Daniel Nylander (Closes: #330834)
Files:
188eaac5901d548951fd6d3a832a3daa 979 net optional snort_2.3.3-2.dsc
77532e7b55c82f3da4bfc108c6f9d694 259641 net optional snort_2.3.3-2.diff.gz
88fad41047c477ea2df24a72be36e627 92632 net optional snort-common_2.3.3-2_all.deb
8c8c4127c35a8ece165e98ccd9a65e09 1354328 doc optional snort-doc_2.3.3-2_all.deb
a0cab6208e547fff3d93b36e6b99b752 231472 net optional snort-rules-default_2.3.3-2_all.deb
cd456b06ca9ea588c5683d65e6c9531f 359208 net optional snort_2.3.3-2_i386.deb
3a05d076f1526556488acb3e31592f2c 366168 net extra snort-mysql_2.3.3-2_i386.deb
5753db9f0ee5565b2e84362e4045b092 365616 net optional snort-pgsql_2.3.3-2_i386.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iQCVAwUBQz2hjvtEPvakNq0lAQJK3QP/U+ABdJ4Uu37n3ozjy8zanyKIBnm24kCd
gwotfrQEDnJaiydwg5S/1QqyPOx0i0JqQbnnhxA5YBmK8JKhxFvoIrnGImwTO/aD
AjmpzMpFZLM154/p84sbaOYCNM08wywPq/WRGQ5sc7em42i3GdNghJuueF4WIVoP
SGegPVt0h7s=
=bUhg
-----END PGP SIGNATURE-----
Accepted:
snort-common_2.3.3-2_all.deb
to pool/main/s/snort/snort-common_2.3.3-2_all.deb
snort-doc_2.3.3-2_all.deb
to pool/main/s/snort/snort-doc_2.3.3-2_all.deb
snort-mysql_2.3.3-2_i386.deb
to pool/main/s/snort/snort-mysql_2.3.3-2_i386.deb
snort-pgsql_2.3.3-2_i386.deb
to pool/main/s/snort/snort-pgsql_2.3.3-2_i386.deb
snort-rules-default_2.3.3-2_all.deb
to pool/main/s/snort/snort-rules-default_2.3.3-2_all.deb
snort_2.3.3-2.diff.gz
to pool/main/s/snort/snort_2.3.3-2.diff.gz
snort_2.3.3-2.dsc
to pool/main/s/snort/snort_2.3.3-2.dsc
snort_2.3.3-2_i386.deb
to pool/main/s/snort/snort_2.3.3-2_i386.deb
Reply to: