Re: Snort: Mass Bug Closing
On Mon, Aug 25, 2003 at 10:29:30AM +0200, Sander Smeenk wrote:
> Quoting Jamin W. Collins (jcollins@asgardsrealm.net):
>
> > > Before you object to this rather 'rude' bughandling, please keep in
> > > mind that version 1.8.4 of snort, which is in stable, has 3 severe
> > > security exploits,
> > So, why hasn't a security update been released for it?
>
> There has been a DSA about Snort. That pointed to my previous backported
> packages. Neither me, nor the security team were able to backport the
> security fixes to 1.8.4, so this was the best approach, they thought.
???
snort (1.8.4beta1-3.1) stable-security; urgency=high

  * Non-maintainer upload by the Security Team
  * Applied upstream fix against integer overflow in the stream4
    preprocessor code (VU#139129, CAN-2003-0209, Bugtraq 7178,
    spp_stream4.c)
  * Applied upstream fix against buffer overflow in the RPC preprocessor
    (VU#916785, CAN-2003-0033, Bugtraq 6963, spp_rpc_decode.c)

 -- Martin Schulze <joey@infodrom.org>  Fri, 18 Apr 2003 06:13:43 +0200

--
- mdz