Format: 1.7
Date: Sun, 30 Oct 2005 22:05:35 +0100
Source: acidlab
Binary: acidlab-doc acidlab-pgsql acidlab acidlab-mysql
Architecture: source all
Version: 0.9.6b20-13
Distribution: unstable
Urgency: high
Maintainer: Jeremy T. Bouse <jbouse@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
 acidlab    - Analysis Console for Intrusion Databases
 acidlab-doc - Analysis Console for Intrusion Databases (documentation)
 acidlab-mysql - Analysis Console for Intrusion Databases for MySQL
 acidlab-pgsql - Analysis Console for Intrusion Databases for Postgres
Closes: 155212 247730 270171 303217 307712 314566 315135 331732
Changes:
 acidlab (0.9.6b20-13) unstable; urgency=high
 .
   * Patch [013] SECURITY fix:
     - Add proper filtering in all ImportHTTP variables using either
       the new functions to check for numeric/alphanumeric chars or the
       filterSql() function to prevent SQL injection attacks.
       This patch fixes CVE-2005-3325 but also other attack vectors not
       mentioned in the initial advisory
       (http://www.frsirt.com/english/advisories/2005/2188)
   * Patch [014] Updated dates of php selections up to 2007
   * Changed patch [010]: fix locations of Nessus
   * New patch [015]: fix location of Snort database, provided alternative
     Ports lookup and added alternative locations for DNS queries
     (Closes: #315135)
   * Fixed FSF address in debian/copyright
   * Patch [016]: Allow graphic data to be represented until 2007. This patch
     together with patch [014] means that acid's last date is 2007 which
     should be enough since we are going to replace it with BASE in the
     short term (Closes: #314566, #307712, #303217, #270171)
   * Document the changes that need to be done in order to extend the
     available year options (Closes: #247730)
   * Added a debian/TODO to describe how to fix the issue with new years
     with a simple for each loop.
   * Acidlab now depends on "| debconf-2.0" as requested by Joey Hess, I
     changed debian/packages instead of debian/control this time
     (Closes: #331732)
   * To reduce the risk of possible vulnerabilities in the code, made the
     default apache.conf allow access only from localhost and document this
     in the README file
   * Document the fact that this version is actually 0.9.6b20+patches from
     the latest upstream release 0.9.6b23 and that the latter will never be
     released. (Closes: #155212)
   * Added the upstream homepage to all package descriptions.
Files:
 738b1a585919b2b924e24fbb34ce3be7 840 web extra acidlab_0.9.6b20-13.dsc
 7b39c7253ad82010d391af41e4c97d14 354649 web extra acidlab_0.9.6b20-13.diff.gz
 379034fb2cff2fdfa89544ed970337ed 5212 web extra acidlab-mysql_0.9.6b20-13_all.deb
 9ef04ab7465ea79030e1a0730162dd8c 5212 web extra acidlab-pgsql_0.9.6b20-13_all.deb
 70d81053834bee5af9efe9a47a2b2b69 276742 web extra acidlab-doc_0.9.6b20-13_all.deb
 2a3bc0f45d4b6f7afbdc760715676563 663152 web extra acidlab_0.9.6b20-13_all.deb

Accepted:
acidlab-doc_0.9.6b20-13_all.deb
  to pool/main/a/acidlab/acidlab-doc_0.9.6b20-13_all.deb
acidlab-mysql_0.9.6b20-13_all.deb
  to pool/main/a/acidlab/acidlab-mysql_0.9.6b20-13_all.deb
acidlab-pgsql_0.9.6b20-13_all.deb
  to pool/main/a/acidlab/acidlab-pgsql_0.9.6b20-13_all.deb
acidlab_0.9.6b20-13.diff.gz
  to pool/main/a/acidlab/acidlab_0.9.6b20-13.diff.gz
acidlab_0.9.6b20-13.dsc
  to pool/main/a/acidlab/acidlab_0.9.6b20-13.dsc
acidlab_0.9.6b20-13_all.deb
  to pool/main/a/acidlab/acidlab_0.9.6b20-13_all.deb