Re: Snort: Mass Bug Closing

To: debian-devel@lists.debian.org
Subject: Re: Snort: Mass Bug Closing
From: Matt Zimmerman <mdz@debian.org>
Date: Tue, 26 Aug 2003 11:18:17 -0400
Message-id: <[🔎] 20030826151817.GZ20504@alcor.net>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20030825082930.GN15732@freshdot.net>
References: <[🔎] 20030824135745.GJ15732@freshdot.net> <[🔎] 20030824145906.GR23336@cerberus> <[🔎] 20030825082930.GN15732@freshdot.net>

On Mon, Aug 25, 2003 at 10:29:30AM +0200, Sander Smeenk wrote:

> Quoting Jamin W. Collins (jcollins@asgardsrealm.net):
> 
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits, 
> > So, why hasn't a security update been released for it?
> 
> There has been a DSA about Snort. That pointed to my previous backported
> packages. Neither me, nor the security team were able to backport the
> security fixes to 1.8.4, so this was the best approach, they thought.

???

snort (1.8.4beta1-3.1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream fix against integer overflow in the stream4
    preprocessor code (VU#139129, CAN-2003-0209, Bugtraq 7178,
    spp_stream4.c)
  * Applied upstream fix against buffer overflow in the RPC preprocessor
    (VU#916785, CAN-2003-0033, Bugtraq 6963, spp_rpc_decode.c)

 -- Martin Schulze <joey@infodrom.org>  Fri, 18 Apr 2003 06:13:43 +0200

-- 
 - mdz

Reply to:

References:
- Snort: Mass Bug Closing
  - From: Sander Smeenk <ssmeenk@debian.org>
- Re: Snort: Mass Bug Closing
  - From: "Jamin W. Collins" <jcollins@asgardsrealm.net>
- Re: Snort: Mass Bug Closing
  - From: Sander Smeenk <ssmeenk@debian.org>

Prev by Date: Re: On packages depending on up-to-date data (was Re: Snort: Mass Bug Closing)
Next by Date: Re: Snort: Mass Bug Closing
Previous by thread: Re: Snort: Mass Bug Closing
Next by thread: Re: Snort: Mass Bug Closing
Index(es):
- Date
- Thread