Back to fail2ban PTS page

Accepted fail2ban 0.8.4-3+squeeze3 (source all)

To: debian-lts-changes@lists.debian.org
Subject: Accepted fail2ban 0.8.4-3+squeeze3 (source all)
From: Thorsten Alteholz <debian@alteholz.de>
Date: Sat, 26 Jul 2014 10:19:39 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1XAz4l-0006BL-1z@franck.debian.org>
Reply-to: debian-lts@lists.debian.org
Sender: Archive Administrator <dak@franck.debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 26 Jul 2014 10:00:00 +0200
Source: fail2ban
Binary: fail2ban
Architecture: source all
Version: 0.8.4-3+squeeze3
Distribution: squeeze-lts
Urgency: high
Maintainer: Yaroslav Halchenko <debian@onerussian.com>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description: 
 fail2ban   - bans IPs that cause multiple authentication errors
Changes: 
 fail2ban (0.8.4-3+squeeze3) squeeze-lts; urgency=high
 .
   * Use anchored failregex for filters to avoid possible DoS.  Manually
     picked up from the current status of 0.8 branch (as of
     0.8.13-29-g09b2016):
     - CVE-2013-7176: postfix.conf - anchored on the front, expects
       "postfix/smtpd" prefix in the log line
     - CVE-2013-7177: cyrus-imap.conf - anchored on the front, and
       refactored to have a single failregex
     - couriersmtp.conf - anchored on both sides
     - exim.conf - front-anchored versions picked up from exim.conf
       and exim-spam.conf
     - lighttpd-fastcgi.conf - front-anchored picked up from suhosin.conf
     (copied from the Wheezy version)
   * Catch also failed logins via secured (imaps/pop3s) for cyrus-imap.
     Regression was introduced while strengthening failregex in 0.8.11 (bd175f)
     Debian bug #755173
   * cyrus-imap: catch "user not found" attempts
Checksums-Sha1: 
 51612177065fff94d68643a604564cc2e4e14254 1230 fail2ban_0.8.4-3+squeeze3.dsc
 5aa2b9760c5fdbe77f04ffa7a3d4fd127a2b714c 85063 fail2ban_0.8.4.orig.tar.gz
 ae97dec979f319b564dea6186db47578038356fa 33192 fail2ban_0.8.4-3+squeeze3.diff.gz
 1129a7e841ae3afd0ccbce241a69edf30d55f010 98096 fail2ban_0.8.4-3+squeeze3_all.deb
Checksums-Sha256: 
 bf9894b0ea4846fa0ab25d44ae12303b5c2ef3762dd51a07dce8cf2ace9d1aaa 1230 fail2ban_0.8.4-3+squeeze3.dsc
 186f89c43a234c124bbdf4b45d54039b1391da3ccf64f0f6314b8caf0907db5f 85063 fail2ban_0.8.4.orig.tar.gz
 9bf0f8e41a07206db3e105844743b93afa7bb1b04ba63332821f92e1336cd6e4 33192 fail2ban_0.8.4-3+squeeze3.diff.gz
 785d5d359ff37e63d40a845c925f6f19339201dfd873ebfd842f4ab10b5d3e2d 98096 fail2ban_0.8.4-3+squeeze3_all.deb
Files: 
 d7ad2e137665edfbd19c16c6bb3624ba 1230 net optional fail2ban_0.8.4-3+squeeze3.dsc
 a248908e1a07cd6cd623daf6a1e03628 85063 net optional fail2ban_0.8.4.orig.tar.gz
 3c688b4151cafbd1d84c337661055aa5 33192 net optional fail2ban_0.8.4-3+squeeze3.diff.gz
 9a809449370133397ac4d929c81fcdbf 98096 net optional fail2ban_0.8.4-3+squeeze3_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlPTfc0ACgkQ02K2KlS5mJA8ywCglWOPrCColPtdCziZ9mEll2MO
YxAAn2buX7qhJ2m7L8joVAD1MiktZDDo
=nK/x
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-lts-changes-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: E1XAz4l-0006BL-1z@franck.debian.org">https://lists.debian.org/E1XAz4l-0006BL-1z@franck.debian.org