Accepted acidlab 0.9.6b20-13 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Oct 2005 22:05:35 +0100
Source: acidlab
Binary: acidlab-doc acidlab-pgsql acidlab acidlab-mysql
Architecture: source all
Version: 0.9.6b20-13
Distribution: unstable
Urgency: high
Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
acidlab - Analysis Console for Intrusion Databases
acidlab-doc - Analysis Console for Intrusion Databases (documentation)
acidlab-mysql - Analysis Console for Intrusion Databases for MySQL
acidlab-pgsql - Analysis Console for Intrusion Databases for Postgres
Closes: 155212 247730 270171 303217 307712 314566 315135 331732
Changes:
acidlab (0.9.6b20-13) unstable; urgency=high
.
* Patch [013] SECURITY fix:
- Add proper filtering in all ImportHTTP variables using either the new
functions to check for numeric/alphanumeric chars or the filterSql()
function to prevent SQL injection attacks. This patch fixes CVE-2005-3325
but also other attack vectors not mentioned in the initial advisory
(http://www.frsirt.com/english/advisories/2005/2188)
* Patch [014] Updated dates of php selections up to 2007
* Changed patch [010]: fix locations of Nessus
* New patch [015]: fix location of Snort database, provided alternative
Ports lookup and added alternative locations for DNS queries (Closes: #315135)
* Fixed FSF address in debian/copyright
* Patch [016]: Allow graphic data to be represented until 2007. This patch
together with patch [014] means that acid's last date is 2007 which should be
enough since we are going to replace it with BASE in the short term
(Closes: #314566, #307712, #303217, #270171)
* Document the changes that need to be done in order to extend the available
year options (Closes: #247730)
* Added a debian/TODO to describe how to fix the issue with new years with a
simple for each loop.
* Acidlab now depends on "| debconf-2.0" as requested by Joey Hess, I
changed debian/packages instead of debian/control this time (Closes: #331732)
* To reduce the risk of possible vulnerabilities in the code, made the
default apache.conf allow access only from localhost and document this in
the README file
* Document the fact that this version is actually 0.9.6b20+patches from the
latest upstream release 0.9.6b23 and that the later will never be
released. (Closes: #155212)
* Added the upstream homepage to all package descriptions.
Files:
738b1a585919b2b924e24fbb34ce3be7 840 web extra acidlab_0.9.6b20-13.dsc
7b39c7253ad82010d391af41e4c97d14 354649 web extra acidlab_0.9.6b20-13.diff.gz
379034fb2cff2fdfa89544ed970337ed 5212 web extra acidlab-mysql_0.9.6b20-13_all.deb
9ef04ab7465ea79030e1a0730162dd8c 5212 web extra acidlab-pgsql_0.9.6b20-13_all.deb
70d81053834bee5af9efe9a47a2b2b69 276742 web extra acidlab-doc_0.9.6b20-13_all.deb
2a3bc0f45d4b6f7afbdc760715676563 663152 web extra acidlab_0.9.6b20-13_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQCVAwUBQ2dxS/tEPvakNq0lAQI/TAQAqHql26lFMOqn1tMtptBx3NB8fO/UwSSq
Mvr/eQHkw6b1g3ep3P5EwMh7pPzVHphUVsV8HFUXCRcYWllxYS99bir7mNWrJmvh
eoBowIV/siRUUdZrNrrDQLbDW7ACgW05yE9yBBbHNw4cp9hVTbBVE1GWZv6BK6wJ
kn3TycSBiQc=
=fuif
-----END PGP SIGNATURE-----
Accepted:
acidlab-doc_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-doc_0.9.6b20-13_all.deb
acidlab-mysql_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-mysql_0.9.6b20-13_all.deb
acidlab-pgsql_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-pgsql_0.9.6b20-13_all.deb
acidlab_0.9.6b20-13.diff.gz
to pool/main/a/acidlab/acidlab_0.9.6b20-13.diff.gz
acidlab_0.9.6b20-13.dsc
to pool/main/a/acidlab/acidlab_0.9.6b20-13.dsc
acidlab_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab_0.9.6b20-13_all.deb
Reply to: