fail2ban (0.8.4-3+squeeze2)

To: "debian-lts@lists.debian.org" <debian-lts@lists.debian.org>
Subject: fail2ban (0.8.4-3+squeeze2)
From: matteo filippetto <matteo.filippetto@gmail.com>
Date: Mon, 2 Jun 2014 23:10:54 +0200
Message-id: <[🔎] CAP+0xm5eadVB=w8+ivj2RVbG45B38fQdzC-H0FnmX=mfDxo4yg@mail.gmail.com>

Hi,

I was looking at CVE-2009-5023 of fail2ban: as reported in this page
https://security-tracker.debian.org/tracker/source-package/fail2ban
squeeze should be vulnerable.

But looking at the code (apt-get source fail2ban) I saw no evidence of
the bug...so I installed fail2ban and the config files (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 )  are
correct (i.e. use /var/run/failban and not /tmp )

Moreover

http://metadata.ftp-master.debian.org/changelogs//main/f/fail2ban/fail2ban_0.8.4-3+squeeze2_changelog

states that #544232 was closed in fail2ban (0.8.4-3+squeeze1).

Maybe I'm wrong ... if so, please tell me what I'm missing.

Regards

-- 
Matteo Filippetto
http://www.op83.eu
@matteo_1983

Reply to:

Follow-Ups:
- Re: fail2ban (0.8.4-3+squeeze2)
  - From: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
- Re: fail2ban (0.8.4-3+squeeze2)
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: Re: libplrpc-perl vs DBI vs mysql
Next by Date: Re: fail2ban (0.8.4-3+squeeze2)
Previous by thread: Re: Debian contributors looking for paid work on Squeeze LTS
Next by thread: Re: fail2ban (0.8.4-3+squeeze2)
Index(es):
- Date
- Thread