Format: 1.7
Date: Fri, 30 Sep 2005 21:21:43 +0200
Source: snort
Binary: snort-mysql snort-doc snort-rules-default snort-common snort-pgsql snort
Architecture: source i386 all
Version: 2.3.3-2
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@computer.org>
Description:
 snort      - Flexible Network Intrusion Detection System
 snort-common - Flexible Network Intrusion Detection System [common files]
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - Flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - Flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - Flexible Network Intrusion Detection System ruleset
Closes: 327791 328134 328134 330834
Changes:
 snort (2.3.3-2) unstable; urgency=high
 .
   * Backport the following changes introduced in 2.4.1. Upstream changelog:
     * src/log.c:
       Fix problem in sniffer mode when incomplete TCP option data is
       received. Thanks A Hernandez for the find. (Closes: #328134)
     Note: This is a "security" bug but no CVE is assigned, it is actually
     something that can happen only if a Snort user willingly shoots himself
     on the foot (uses ASCII logging mode) or if he uses the fast output mode
     with some non-default options.
     For a detailed view see: Martin Roesch's mail "Snort DoS Fallacies" to
     snort-users and bugtraq:
     http://marc.theaimsgroup.com/?l=bugtraq&m=112665341207363&w=2
     http://marc.theaimsgroup.com/?l=snort-users&m=112657845119746&w=2
     http://marc.theaimsgroup.com/?l=snort-users&m=112667020331513&w=2
     http://marc.theaimsgroup.com/?l=snort-devel&m=112672013010948&w=2
     and also http://www.snort.org/pub-bin/snortnews.cgi#58
     To summarise: The only recommended alert methods in a production sensor
     are unified, syslog or database. And unified is The Right Way to run a
     sensor (others have important performance issues under high load)
     NOTE to Debian Security teams: I don't believe this bug merits a DSA
     (or a DTSA for that matter) (Closes: #328134)
   * Backport the following changes introduced in 2.4.2. Upstream changelog:
     * src/output-plugins/spo_log_database.c:
     * schemas/create_mysql:
       Fixes to address schema being a keyword in MySQL 5.0. Thanks Wes
       Young, Adolfo Gomez, and Aleem Mawji for the updates.
       (Closes: #327791)
   * Added Swedish translation provided by Daniel Nylander (Closes: #330834)
Files:
 188eaac5901d548951fd6d3a832a3daa 979 net optional snort_2.3.3-2.dsc
 77532e7b55c82f3da4bfc108c6f9d694 259641 net optional snort_2.3.3-2.diff.gz
 88fad41047c477ea2df24a72be36e627 92632 net optional snort-common_2.3.3-2_all.deb
 8c8c4127c35a8ece165e98ccd9a65e09 1354328 doc optional snort-doc_2.3.3-2_all.deb
 a0cab6208e547fff3d93b36e6b99b752 231472 net optional snort-rules-default_2.3.3-2_all.deb
 cd456b06ca9ea588c5683d65e6c9531f 359208 net optional snort_2.3.3-2_i386.deb
 3a05d076f1526556488acb3e31592f2c 366168 net extra snort-mysql_2.3.3-2_i386.deb
 5753db9f0ee5565b2e84362e4045b092 365616 net optional snort-pgsql_2.3.3-2_i386.deb

Accepted:
snort-common_2.3.3-2_all.deb
  to pool/main/s/snort/snort-common_2.3.3-2_all.deb
snort-doc_2.3.3-2_all.deb
  to pool/main/s/snort/snort-doc_2.3.3-2_all.deb
snort-mysql_2.3.3-2_i386.deb
  to pool/main/s/snort/snort-mysql_2.3.3-2_i386.deb
snort-pgsql_2.3.3-2_i386.deb
  to pool/main/s/snort/snort-pgsql_2.3.3-2_i386.deb
snort-rules-default_2.3.3-2_all.deb
  to pool/main/s/snort/snort-rules-default_2.3.3-2_all.deb
snort_2.3.3-2.diff.gz
  to pool/main/s/snort/snort_2.3.3-2.diff.gz
snort_2.3.3-2.dsc
  to pool/main/s/snort/snort_2.3.3-2.dsc
snort_2.3.3-2_i386.deb
  to pool/main/s/snort/snort_2.3.3-2_i386.deb