-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 31 Oct 2005 15:41:55 +0100
Source: acidbase
Binary: acidbase
Architecture: source all
Version: 1.2.1-1
Distribution: unstable
Urgency: low
Maintainer: David Gil <dgil@telefonica.net>
Changed-By: David Gil <dgil@telefonica.net>
Description:
 acidbase - Basic Analysis and Security Engine
Closes: 336788
Changes:
 acidbase (1.2.1-1) unstable; urgency=low
 .
   [ David Gil ]
   * New upstream release.
 .
   [ Javier Fernandez-Sanguino Pen~a ]
   * SECURITY FIX: Add proper filtering in all ImportHTTP variables using
     either the new functions to check for numeric/alphanumeric chars or the
     filterSql() function to prevent SQL injection attacks. This patch fixes
     CVE-2005-3325 but also other attack vectors not mentioned in the initial
     advisory (http://www.frsirt.com/english/advisories/2005/2188)
     (Closes: #336788)
   * To reduce the risk of possible vulnerabilities in the code, made the
     default apache.conf allow access only from localhost and document this
     in the (new) README.Debian file
   * Added dependency on "debconf | debconf-2.0"
   * Added alternative DNS lookups at Sam Spade
   * Changed default alert database in debconf prompt to 'snort_log'
Files:
 de476efbd9c448da1b6e80f30fd50e07 663 web optional acidbase_1.2.1-1.dsc
 e732154e15cf0bc7e356b609e975bda6 344378 web optional acidbase_1.2.1.orig.tar.gz
 978bf6152188b357c92bbde3306988dd 10411 web optional acidbase_1.2.1-1.diff.gz
 7756f03360c740b1a62804c7ca8befdf 346190 web optional acidbase_1.2.1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDaTBFsandgtyBSwkRAq89AJ9u9xt3jmjtn16J7JVrMPaqwjwVPQCeIzp0
+7itgBYd1SSgFh5dnXYUC3Q=
=lD71
-----END PGP SIGNATURE-----

Accepted:
acidbase_1.2.1-1.diff.gz
  to pool/main/a/acidbase/acidbase_1.2.1-1.diff.gz
acidbase_1.2.1-1.dsc
  to pool/main/a/acidbase/acidbase_1.2.1-1.dsc
acidbase_1.2.1-1_all.deb
  to pool/main/a/acidbase/acidbase_1.2.1-1_all.deb
acidbase_1.2.1.orig.tar.gz
  to pool/main/a/acidbase/acidbase_1.2.1.orig.tar.gz