Your message dated Mon, 8 Oct 2007 11:11:13 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Bug#438162: Reopening: package in etch is still vulnerable
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: denyhosts
Version: 2.6-1
Severity: grave
Tags: security
Justification: user security hole
>From CVE-2007-4323:
"DenyHosts 2.6 does not properly parse sshd log files, which allows
remote attackers to add arbitrary hosts to the /etc/hosts.deny file
and cause a denial of service by adding arbitrary IP addresses to the
sshd log file, as demonstrated by logging in via ssh with a client
protocol version identification containing an IP address string, a
different vector than CVE-2006-6301."
Please mention the CVE id in the changelog.
--- End Message ---
--- Begin Message ---
found 438162 2.6-1
fixed 438162 2.6-2.1
thanks
Hi Raphael,
* Raphael Geissert <[EMAIL PROTECTED]> [2007-10-08 11:04]:
> reopen 438162 =
> tags 438162 etch
> thanks
>
> Package version in etch is 2.6-1 which is affected.
I closed this bug again, there is no need to keep it open,
that's what we have version tracking for.
Kind regards
Nico
--
Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
pgp9znL5MXf4Y.pgp
Description: PGP signature
--- End Message ---
