[Bug 129751] Please sync snort (universe) from Debian unstable (main)
Kees Cook
kees at ubuntu.com
Wed Aug 1 18:37:50 BST 2007
Public bug reported:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
affects ubuntu/snort
status confirmed
subscribe ubuntu-archive
Please sync snort (universe) from Debian unstable (main).
Changelog since current gutsy version 2.3.3-14:
snort (2.7.0-2) experimental; urgency=low
* Fix generation of the common snort binary, which was distributed without
prelude support.
* Fix location of dynamic engines in snort.conf
* Change signatures 1443 and 1444 since there was an error in their
definition ( Cannot use 'rawbytes' and 'http_uri' as modifiers for the
same "content" nor use 'rawbytes' with "uricontent". )
snort (2.7.0-1) experimental; urgency=low
* New upstream release (Closes: #435417, #404991, #320920, #323985)
- Fixes DOS attack: CVE-2006-6931 - "Backtracking Algorithmic Complexity"
DoS against IDS engine (Closes: #407421)
* Introduce all the rules available from the 2.4 release which are GPL and
are non-VRT certified, that is, all rules which are outside of the range
[3,465-1,000,000]. This amounts to a total of 3935 rules (820 of which are
Community released).
* In order to handle rulesets with mixed GPL and non-GPL rules two scripts
have been made available in the source rules/ subdirectory:
- remove-non-gpl.pl - Given a rules file removes all rules outside
the above range
- purge-non-gpl.sh - Given a directory dumps on the local directory
only rules outside this range.
In order to limit maintainer overhead the header for modified rulesets has
not been changed.
* Include the VRT license file. This file is kept for reference under the
rules/ dir, although *no* rule in this package is under that non-free license.
* Include a NEWS.Debian item describing the license change and the rules
distributed within this package.
not in the database packages (Closes: #320920)
* As a consequence of the above Build-Depend on libprelude-dev, iptables-dev
* Provide support for Prelude in both snort and snort-inline packages but
* The examples are now included in the -common package instead of having
them in all the binary packages
This package provides support to make an experimental separate binary
package for inline support: snort-inline, which most of the configuration is
shared with the snort binary package but the PPP related options have been
removed. However, snort-inline does not support libnet 1.1 so we cannot
provide it yet. This has been changed in Snort's code but it's far from
complete:
- Make the configure script work with libnet 1.1.
- Port parts of the API (some declarations) to 1.1
snort (2.3.3-15) unstable; urgency=low
* Include all the community signatures available as of today into the
snort-signatures package. This means 820 new signatures go in.
* Sync mappings:
* Updated the gen-msg.map under rules/ with the maps under etc/
* Updated the sid-msg.map under etc/ with the maps under rules/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFGsMTGH/9LqRcGPm0RAuqGAJ94LlHxU3jwckJkWw9a/Jo5t/M/QgCdHwqF
p9Mweo+GK/AEahtHiKg3qpE=
=/P34
-----END PGP SIGNATURE-----
** Affects: snort (Ubuntu)
Importance: Undecided
Status: Confirmed
--
Please sync snort (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/129751
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.
More information about the ubuntu-archive
mailing list