Accepted acidbase 1.2.1-1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 31 Oct 2005 15:41:55 +0100
Source: acidbase
Binary: acidbase
Architecture: source all
Version: 1.2.1-1
Distribution: unstable
Urgency: low
Maintainer: David Gil <dgil@telefonica.net>
Changed-By: David Gil <dgil@telefonica.net>
Description:
acidbase - Basic Analysis and Security Engine
Closes: 336788
Changes:
acidbase (1.2.1-1) unstable; urgency=low
.
[ David Gil ]
* New upstream release.
.
[ Javier Fernandez-Sanguino Pen~a ]
* SECURITY FIX:
Add proper filtering in all ImportHTTP variables using either the new
functions to check for numeric/alphanumeric chars or the filterSql()
function to prevent SQL injection attacks. This patch fixes CVE-2005-3325
but also other attack vectors not mentioned in the initial advisory
(http://www.frsirt.com/english/advisories/2005/2188)
(Closes: #336788)
* To reduce the risk of possible vulnerabilities in the code, made the
default apache.conf allow access only from localhost and document this
in the (new) README.Debian file
* Added dependency on "debconf | debconf-2.0"
* Added alternative DNS lookups at Sam Spade
* Changed default alert database in debconf prompt to 'snort_log'
Files:
de476efbd9c448da1b6e80f30fd50e07 663 web optional acidbase_1.2.1-1.dsc
e732154e15cf0bc7e356b609e975bda6 344378 web optional acidbase_1.2.1.orig.tar.gz
978bf6152188b357c92bbde3306988dd 10411 web optional acidbase_1.2.1-1.diff.gz
7756f03360c740b1a62804c7ca8befdf 346190 web optional acidbase_1.2.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDaTBFsandgtyBSwkRAq89AJ9u9xt3jmjtn16J7JVrMPaqwjwVPQCeIzp0
+7itgBYd1SSgFh5dnXYUC3Q=
=lD71
-----END PGP SIGNATURE-----
Accepted:
acidbase_1.2.1-1.diff.gz
to pool/main/a/acidbase/acidbase_1.2.1-1.diff.gz
acidbase_1.2.1-1.dsc
to pool/main/a/acidbase/acidbase_1.2.1-1.dsc
acidbase_1.2.1-1_all.deb
to pool/main/a/acidbase/acidbase_1.2.1-1_all.deb
acidbase_1.2.1.orig.tar.gz
to pool/main/a/acidbase/acidbase_1.2.1.orig.tar.gz
Reply to: