-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Sun, 30 Oct 2005 22:05:35 +0100 Source: acidlab Binary: acidlab-doc acidlab-pgsql acidlab acidlab-mysql Architecture: source all Version: 0.9.6b20-10.1 Distribution: stable-security Urgency: high Maintainer: Jeremy T. Bouse <jbouse@debian.org> Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org> Description: acidlab - Analysis Console for Intrusion Databases acidlab-doc - Analysis Console for Intrusion Databases (documentation) acidlab-mysql - Analysis Console for Intrusion Databases for MySQL acidlab-pgsql - Analysis Console for Intrusion Databases for Postgres Changes: acidlab (0.9.6b20-10.1) stable-security; urgency=high . * Patch [013] SECURITY fix: - Add proper filtering in all ImportHTTP variables using either the new functions to check for numeric/alphanumeric chars or the filterSql() function to prevent SQL injection attacks. This patch fixes CVE-2005-3325 but also other attack vectors not mentioned in the initial advisory (http://www.frsirt.com/english/advisories/2005/2188) Files: 0bae590a4e21f77779ee5b904d5b7457 696 web extra acidlab_0.9.6b20-10.1.dsc 02346f1d88573440afe79e8e3eca13a7 352092 web extra acidlab_0.9.6b20-10.1.diff.gz f78fc7c230991b9949cbd2eb5b0d54fc 4414 web extra acidlab-mysql_0.9.6b20-10.1_all.deb 3eaec77032a2c3e5044f3c649e802a5f 4416 web extra acidlab-pgsql_0.9.6b20-10.1_all.deb 0382bf72c1ac0121f196d26b0d8462fb 275994 web extra acidlab-doc_0.9.6b20-10.1_all.deb 9f6a40fc2f63e296c03029d04b92273c 660860 web extra acidlab_0.9.6b20-10.1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1 (GNU/Linux) iD8DBQFDdQZ7sandgtyBSwkRAptQAJ4z9mc9gKpC4F68w0yGWGqF5brEjQCcCh8L U8q0lz52FI99wgTfJ+7O9UY= =JLOx -----END PGP SIGNATURE----- Accepted: acidlab-doc_0.9.6b20-10.1_all.deb to pool/main/a/acidlab/acidlab-doc_0.9.6b20-10.1_all.deb acidlab-mysql_0.9.6b20-10.1_all.deb to pool/main/a/acidlab/acidlab-mysql_0.9.6b20-10.1_all.deb acidlab-pgsql_0.9.6b20-10.1_all.deb to pool/main/a/acidlab/acidlab-pgsql_0.9.6b20-10.1_all.deb acidlab_0.9.6b20-10.1.diff.gz to pool/main/a/acidlab/acidlab_0.9.6b20-10.1.diff.gz acidlab_0.9.6b20-10.1.dsc to pool/main/a/acidlab/acidlab_0.9.6b20-10.1.dsc acidlab_0.9.6b20-10.1_all.deb to pool/main/a/acidlab/acidlab_0.9.6b20-10.1_all.deb