fail2ban (0.8.4-3+squeeze2)
Hi,
I was looking at CVE-2009-5023 of fail2ban: as reported in this page
https://security-tracker.debian.org/tracker/source-package/fail2ban
squeeze should be vulnerable.
But looking at the code (apt-get source fail2ban) I saw no evidence of
the bug...so I installed fail2ban and the config files (
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 ) are
correct (i.e. use /var/run/failban and not /tmp )
Moreover
http://metadata.ftp-master.debian.org/changelogs//main/f/fail2ban/fail2ban_0.8.4-3+squeeze2_changelog
states that #544232 was closed in fail2ban (0.8.4-3+squeeze1).
Maybe I'm wrong ... if so, please tell me what I'm missing.
Regards
--
Matteo Filippetto
http://www.op83.eu
@matteo_1983
Reply to: