Ubuntu Archive Auto-Sync katie at jackass.ubuntu.com
Sat Nov 5 09:20:02 CST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: Debian/unstable
Format: 1.7
Date: Sat,  05 Nov 2005 15:06:25 +0000
Source: acidbase
Binary: acidbase
Architecture: source
Version: 1.2.1-1
Distribution: dapper
Urgency: low
Maintainer: David Gil <dgil at telefonica.net>
Changed-By: Ubuntu Archive Auto-Sync <katie at jackass.ubuntu.com>
Description: 
 acidbase   - Basic Analysis and Security Engine
Closes: 336788
Changes: 
 acidbase (1.2.1-1) unstable; urgency=low
 .
   [ David Gil ]
   * New upstream release.
 .
   [ Javier Fernandez-Sanguino Pen~a ]
   * SECURITY FIX:
     Add proper filtering in all ImportHTTP variables using either the new
     functions to check for numeric/alphanumeric chars or the filterSql()
     function to prevent SQL injection attacks. This patch fixes CVE-2005-3325 
     but also other attack vectors not mentioned in the initial advisory
     (http://www.frsirt.com/english/advisories/2005/2188)
     (Closes: #336788)
   * To reduce the risk of possible vulnerabilities in the code, made the
     default apache.conf allow access only from localhost and document this
     in the (new) README.Debian file
   * Added dependency on "debconf | debconf-2.0"
   * Added alternative DNS lookups at Sam Spade
   * Changed default alert database in debconf prompt to 'snort_log'
Files: 
 978bf6152188b357c92bbde3306988dd 10411 web optional acidbase_1.2.1-1.diff.gz
 e732154e15cf0bc7e356b609e975bda6 344378 web optional acidbase_1.2.1.orig.tar.gz
 de476efbd9c448da1b6e80f30fd50e07 663 web optional acidbase_1.2.1-1.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

-----END PGP SIGNATURE-----


Accepted:
acidbase_1.2.1-1.diff.gz
  to pool/universe/a/acidbase/acidbase_1.2.1-1.diff.gz
acidbase_1.2.1-1.dsc
  to pool/universe/a/acidbase/acidbase_1.2.1-1.dsc
acidbase_1.2.1.orig.tar.gz
  to pool/universe/a/acidbase/acidbase_1.2.1.orig.tar.gz



