Debian Package Tracker

general

source: suricata (main)
version: 1:4.0.4-1
maintainer: Pierre Chifflier [DMD]
uploaders: Arturo Borrero Gonzalez [DMD]
arch: all
std-ver: 4.1.3
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 1.2.1-2
o-o-sec: 1.2.1-2+deb7u1
o-o-bpo: 2.0.4-1~bpo70+1
oldstable: 2.0.7-2+deb8u1
old-sec: 2.0.7-2+deb8u1
old-bpo: 3.2.1-1~bpo8+1
stable: 3.2.1-1+deb9u1
stable-bpo: 1:4.0.4-1~bpo9+1
testing: 1:4.0.4-1
unstable: 1:4.0.4-1

versioned links

1.2.1-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.2.1-2+deb7u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.4-1~bpo70+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
2.0.7-2+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.1-1~bpo8+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.2.1-1+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.0.4-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1:4.0.4-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

suricata
suricata-oinkmaster

action needed

lintian reports 2 errors and 4 warnings high

Lintian reports 2 errors and 4 warnings about this package. You should make the package lintian clean getting rid of them.

Created: 2017-12-12 Last update: 2018-05-08 07:48

4 bugs tagged patch in the BTS normal

The BTS contains patches fixing 4 bugs, consider including or untagging them.

Created: 2017-11-21 Last update: 2018-06-24 19:48

A new version is available in the VCS, consider uploading it. normal

vcswatch reports that this package has a new version ready in the VCS. You should consider uploading into the archive.

Created: 2018-05-20 Last update: 2018-05-20 14:14

2 ignored security issues in stretch low

There are 2 open security issues in stretch.

2 issues skipped by the security teams:

CVE-2017-15377: In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
CVE-2018-6794: Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

Please fix them.

Created: 2017-10-24 Last update: 2018-06-15 08:13

4 ignored security issues in jessie low

There are 4 open security issues in jessie.

4 issues skipped by the security teams:

TEMP-0856648-2BC2C9:
CVE-2017-15377: In Suricata before 4.x, it was possible to trigger lots of redundant checks on the content of crafted network traffic with a certain signature, because of DetectEngineContentInspection in detect-engine-content-inspection.c. The search engine doesn't stop when it should after no match is found; instead, it stops only upon reaching inspection-recursion-limit (3000 by default).
CVE-2017-7177: Suricata before 3.2.1 has an IPv4 defragmentation evasion issue caused by lack of a check for the IP protocol during fragment matching.
CVE-2018-6794: Suricata before 4.0.4 is prone to an HTTP detection bypass vulnerability in detect.c and stream-tcp.c. If a malicious server breaks a normal TCP flow and sends data before the 3-way handshake is complete, then the data sent by the malicious server will be accepted by web clients such as a web browser or Linux CLI utilities, but ignored by Suricata IDS signatures. This mostly affects IDS signatures for the HTTP protocol and TCP stream content; signatures for TCP packets will inspect such network traffic as usual.

Please fix them.

Created: 2017-03-03 Last update: 2018-06-15 08:13

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.1.4 instead of 4.1.3).

Created: 2018-04-16 Last update: 2018-04-16 20:48

news

[rss feed]

[2018-02-22] Accepted suricata 1:4.0.4-1~bpo9+1 (source) into stretch-backports (Arturo Borrero Gonzalez)
[2018-02-19] suricata 1:4.0.4-1 MIGRATED to testing (Debian testing watch)
[2018-02-14] Accepted suricata 1:4.0.4-1 (source) into unstable (Arturo Borrero Gonzalez)
[2017-12-26] Accepted suricata 1:4.0.3-1~bpo9+1 (source amd64) into stretch-backports (Arturo Borrero Gonzalez)
[2017-12-22] suricata 1:4.0.3-1 MIGRATED to testing (Debian testing watch)
[2017-12-13] Accepted suricata 1:4.0.3-1 (source) into unstable (Arturo Borrero Gonzalez)
[2017-11-29] Accepted suricata 1:4.0.1-2~bpo9+1 (source) into stretch-backports (Arturo Borrero Gonzalez)
[2017-11-28] suricata 1:4.0.1-2 MIGRATED to testing (Debian testing watch)
[2017-11-23] Accepted suricata 1:4.0.1-2 (source) into unstable (Arturo Borrero Gonzalez)
[2017-10-27] Accepted suricata 1:4.0.1-1~bpo9+1 (source amd64) into stretch-backports (Arturo Borrero Gonzalez)
[2017-10-26] suricata 1:4.0.1-1 MIGRATED to testing (Debian testing watch)
[2017-10-21] Accepted suricata 1:4.0.1-1 (source amd64) into unstable (Arturo Borrero Gonzalez)
[2017-09-28] Accepted suricata 1:4.0.0-5~bpo9+1 (source amd64) into stretch-backports (Arturo Borrero Gonzalez)
[2017-09-26] suricata 1:4.0.0-5 MIGRATED to testing (Debian testing watch)
[2017-09-20] Accepted suricata 1:4.0.0-5 (source amd64) into unstable (Arturo Borrero Gonzalez)
[2017-09-20] Accepted suricata 1:4.0.0-4~bpo9+1 (source amd64) into stretch-backports (Arturo Borrero Gonzalez)
[2017-09-17] suricata 1:4.0.0-4 MIGRATED to testing (Debian testing watch)
[2017-09-12] Accepted suricata 1:4.0.0-4 (source amd64 all) into unstable (Arturo Borrero Gonzalez)
[2017-08-30] Accepted suricata 1:4.0.0-3 (source amd64 all) into unstable (Arturo Borrero Gonzalez)
[2017-08-28] Accepted suricata 1:4.0.0-2~bpo9+1 (source amd64 all) into stretch-backports, stretch-backports (Arturo Borrero Gonzalez)
[2017-08-23] Accepted suricata 3.2.1-1+deb9u1 (source amd64 all) into proposed-updates->stable-new, proposed-updates (Arturo Borrero Gonzalez)
[2017-08-20] suricata 1:4.0.0-2 MIGRATED to testing (Debian testing watch)
[2017-08-15] Accepted suricata 1:4.0.0-2 (source amd64 all) into unstable (Arturo Borrero Gonzalez)
[2017-08-02] suricata 1:4.0.0-1 MIGRATED to testing (Debian testing watch)
[2017-07-28] Accepted suricata 1:4.0.0-1 (source amd64 all) into unstable (Arturo Borrero Gonzalez)
[2017-06-21] suricata 4.0.0-beta1-1~exp1 MIGRATED to testing (Debian testing watch)
[2017-06-16] Accepted suricata 4.0.0-beta1-1~exp1 (source amd64 all) into unstable, unstable (Arturo Borrero Gonzalez)
[2017-04-22] Accepted suricata 3.2.1-1~bpo8+1 (source amd64 all) into jessie-backports->backports-policy, jessie-backports (Arturo Borrero Gonzalez)
[2017-03-27] suricata 3.2.1-1 MIGRATED to testing (Debian testing watch)
[2017-03-22] Accepted suricata 1.2.1-2+deb7u1 (source amd64) into oldstable (Chris Lamb)

bugs [bug history graph]

all: 7
RC: 0
I&N: 7
M&W: 0
F&P: 0

links

homepage
lintian (2, 4)
buildd: logs, clang, reproducibility
popcon
debci
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.2-2ubuntu3
2 bugs (1 patch)
patches for 3.2-2ubuntu3