[Bug 129751] Please sync snort (universe) from Debian unstable (main)

Kees Cook kees at ubuntu.com
Wed Aug 1 18:37:50 BST 2007


Public bug reported:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 affects ubuntu/snort
 status confirmed
 subscribe ubuntu-archive

Please sync snort (universe) from Debian unstable (main).
Changelog since current gutsy version 2.3.3-14:

snort (2.7.0-2) experimental; urgency=low

  * Fix generation of the common snort binary, which was distributed without
    prelude support.
  * Fix location of dynamic engines in snort.conf
  * Change signatures 1443 and 1444 since there was an error in their
    definition ( Cannot use 'rawbytes' and 'http_uri' as modifiers for the
    same "content" nor use 'rawbytes' with "uricontent". )

snort (2.7.0-1) experimental; urgency=low

  * New upstream release (Closes: #435417, #404991, #320920, #323985)
     - Fixes DOS attack: CVE-2006-6931 - "Backtracking Algorithmic Complexity"
       DoS against IDS engine (Closes: #407421)
  * Introduce all the rules available from the 2.4 release which are GPL and
    are non-VRT certified, that is, all rules which are outside of the range
    [3,465-1,000,000]. This amounts to a total of 3935 rules (820 of which are
    Community released).
  * In order to handle rulesets with mixed GPL and non-GPL rules two scripts
    have been made available in the source rules/ subdirectory:
        - remove-non-gpl.pl - Given a rules file removes all rules outside
          the above range
        - purge-non-gpl.sh - Given a directory dumps on the local directory
          only rules outside this range.
    In order to limit maintainer overhead the header for modified rulesets has
    not been changed.
  * Include the VRT license file. This file is kept for reference under the
    rules/ dir, although *no* rule in this package is under that non-free license.
  * Include a NEWS.Debian item describing the license change and the rules
    distributed within this package.
    not in the database packages (Closes: #320920)
  * As a consequence of the above Build-Depend on libprelude-dev, iptables-dev
  * Provide support for Prelude in both snort and snort-inline packages but
  * The examples are now included in the -common package instead of having
    them  in all the binary packages

  This package provides support to make an experimental separate binary
  package for inline support: snort-inline, which most of the configuration is
  shared with the snort binary package but the PPP related options have been
  removed. However, snort-inline does not support libnet 1.1 so we cannot
  provide it yet. This has been changed in Snort's code but it's far from
  complete:
       - Make the configure script work with libnet 1.1.
       - Port parts of the API (some declarations) to 1.1

snort (2.3.3-15) unstable; urgency=low

  * Include all the community signatures available as of today into the
    snort-signatures package. This means 820 new signatures go in.
  * Sync mappings:
    * Updated the gen-msg.map under rules/ with the maps under etc/
    * Updated the sid-msg.map under etc/ with the maps under rules/

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGsMTGH/9LqRcGPm0RAuqGAJ94LlHxU3jwckJkWw9a/Jo5t/M/QgCdHwqF
p9Mweo+GK/AEahtHiKg3qpE=
=/P34
-----END PGP SIGNATURE-----

** Affects: snort (Ubuntu)
     Importance: Undecided
         Status: Confirmed

-- 
Please sync snort (universe) from Debian unstable (main)
https://bugs.launchpad.net/bugs/129751
You received this bug notification because you are a member of Ubuntu
Package Archive Administrators, which is a direct subscriber.



More information about the ubuntu-archive mailing list