Bug#438162: marked as done (CVE-2007-4323: DenyHosts DoS vulnerability)
Your message dated Sat, 16 Feb 2008 12:17:04 + with message-id [EMAIL PROTECTED] and subject line Bug#438162: fixed in denyhosts 2.6-1etch1 has caused the Debian Bug report #438162, regarding CVE-2007-4323: DenyHosts DoS vulnerability to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact [EMAIL PROTECTED] immediately.) -- 438162: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438162 Debian Bug Tracking System Contact [EMAIL PROTECTED] with problems ---BeginMessage--- Package: denyhosts Version: 2.6-1 Severity: grave Tags: security Justification: user security hole From CVE-2007-4323: DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. Please mention the CVE id in the changelog. ---End Message--- ---BeginMessage--- Source: denyhosts Source-Version: 2.6-1etch1 We believe that the bug you reported is fixed in the latest version of denyhosts, which is due to be installed in the Debian FTP archive: denyhosts_2.6-1etch1.diff.gz to pool/main/d/denyhosts/denyhosts_2.6-1etch1.diff.gz denyhosts_2.6-1etch1.dsc to pool/main/d/denyhosts/denyhosts_2.6-1etch1.dsc denyhosts_2.6-1etch1_all.deb to pool/main/d/denyhosts/denyhosts_2.6-1etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin Zobel-Helas [EMAIL PROTECTED] (supplier of updated denyhosts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 26 Jan 2008 00:19:15 +0100 Source: denyhosts Binary: denyhosts Architecture: source all Version: 2.6-1etch1 Distribution: stable Urgency: low Maintainer: Marco Bertorello [EMAIL PROTECTED] Changed-By: Martin Zobel-Helas [EMAIL PROTECTED] Description: denyhosts - an utility to help sys admins thwart ssh hackers Closes: 438162 Changes: denyhosts (2.6-1etch1) stable; urgency=low . * Non-maintainer upload by SRM * Included 07_fix_CVE-2007-4323.dpatch to fix CVE-2007-4323 (Closes: #438162). Files: cf66b8e39f3744f7484a02320c6c96a4 719 net optional denyhosts_2.6-1etch1.dsc 313d73176594555196c0088d8d1a70a9 33801 net optional denyhosts_2.6-1etch1.diff.gz f39aa3b7fffda9c8f41e2b051550e3dd 62434 net optional denyhosts_2.6-1etch1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHmnqqST77jl1k+HARAqMTAJwKZagENZuZFBaMPIZSV+TSlX9GcwCg3Lna Yz9whkJMG7iq+gbMtnLG4JA= =Bynn -END PGP SIGNATURE- ---End Message---
Bug#438162: marked as done (CVE-2007-4323: DenyHosts DoS vulnerability)
Your message dated Sat, 26 Jan 2008 19:52:14 + with message-id [EMAIL PROTECTED] and subject line Bug#438162: fixed in denyhosts 2.6-1etch1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: denyhosts Version: 2.6-1 Severity: grave Tags: security Justification: user security hole From CVE-2007-4323: DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. Please mention the CVE id in the changelog. ---End Message--- ---BeginMessage--- Source: denyhosts Source-Version: 2.6-1etch1 We believe that the bug you reported is fixed in the latest version of denyhosts, which is due to be installed in the Debian FTP archive: denyhosts_2.6-1etch1.diff.gz to pool/main/d/denyhosts/denyhosts_2.6-1etch1.diff.gz denyhosts_2.6-1etch1.dsc to pool/main/d/denyhosts/denyhosts_2.6-1etch1.dsc denyhosts_2.6-1etch1_all.deb to pool/main/d/denyhosts/denyhosts_2.6-1etch1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Martin Zobel-Helas [EMAIL PROTECTED] (supplier of updated denyhosts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Sat, 26 Jan 2008 00:19:15 +0100 Source: denyhosts Binary: denyhosts Architecture: source all Version: 2.6-1etch1 Distribution: stable Urgency: low Maintainer: Marco Bertorello [EMAIL PROTECTED] Changed-By: Martin Zobel-Helas [EMAIL PROTECTED] Description: denyhosts - an utility to help sys admins thwart ssh hackers Closes: 438162 Changes: denyhosts (2.6-1etch1) stable; urgency=low . * Non-maintainer upload by SRM * Included 07_fix_CVE-2007-4323.dpatch to fix CVE-2007-4323 (Closes: #438162). Files: cf66b8e39f3744f7484a02320c6c96a4 719 net optional denyhosts_2.6-1etch1.dsc 313d73176594555196c0088d8d1a70a9 33801 net optional denyhosts_2.6-1etch1.diff.gz f39aa3b7fffda9c8f41e2b051550e3dd 62434 net optional denyhosts_2.6-1etch1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHmnqqST77jl1k+HARAqMTAJwKZagENZuZFBaMPIZSV+TSlX9GcwCg3Lna Yz9whkJMG7iq+gbMtnLG4JA= =Bynn -END PGP SIGNATURE- ---End Message---
Bug#438162: marked as done (CVE-2007-4323: DenyHosts DoS vulnerability)
Your message dated Mon, 8 Oct 2007 11:11:13 +0200 with message-id [EMAIL PROTECTED] and subject line Bug#438162: Reopening: package in etch is still vulnerable has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: denyhosts Version: 2.6-1 Severity: grave Tags: security Justification: user security hole From CVE-2007-4323: DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. Please mention the CVE id in the changelog. ---End Message--- ---BeginMessage--- found 438162 2.6-1 fixed 438162 2.6-2.1 thanks Hi Raphael, * Raphael Geissert [EMAIL PROTECTED] [2007-10-08 11:04]: reopen 438162 = tags 438162 etch thanks Package version in etch is 2.6-1 which is affected. I closed this bug again, there is no need to keep it open, that's what we have version tracking for. Kind regards Nico -- Nico Golde - http://ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted. pgp9znL5MXf4Y.pgp Description: PGP signature ---End Message---
Bug#438162: marked as done (CVE-2007-4323: DenyHosts DoS vulnerability)
Your message dated Fri, 17 Aug 2007 12:47:04 + with message-id [EMAIL PROTECTED] and subject line Bug#438162: fixed in denyhosts 2.6-2.1 has caused the attached Bug report to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what I am talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.) Debian bug tracking system administrator (administrator, Debian Bugs database) ---BeginMessage--- Package: denyhosts Version: 2.6-1 Severity: grave Tags: security Justification: user security hole From CVE-2007-4323: DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version identification containing an IP address string, a different vector than CVE-2006-6301. Please mention the CVE id in the changelog. ---End Message--- ---BeginMessage--- Source: denyhosts Source-Version: 2.6-2.1 We believe that the bug you reported is fixed in the latest version of denyhosts, which is due to be installed in the Debian FTP archive: denyhosts_2.6-2.1.diff.gz to pool/main/d/denyhosts/denyhosts_2.6-2.1.diff.gz denyhosts_2.6-2.1.dsc to pool/main/d/denyhosts/denyhosts_2.6-2.1.dsc denyhosts_2.6-2.1_all.deb to pool/main/d/denyhosts/denyhosts_2.6-2.1_all.deb A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to [EMAIL PROTECTED], and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Nico Golde [EMAIL PROTECTED] (supplier of updated denyhosts package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing [EMAIL PROTECTED]) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Format: 1.7 Date: Thu, 16 Aug 2007 02:41:59 +0200 Source: denyhosts Binary: denyhosts Architecture: source all Version: 2.6-2.1 Distribution: unstable Urgency: high Maintainer: Marco Bertorello [EMAIL PROTECTED] Changed-By: Nico Golde [EMAIL PROTECTED] Description: denyhosts - an utility to help sys admins thwart ssh hackers Closes: 438162 Changes: denyhosts (2.6-2.1) unstable; urgency=high . * Non-maintainer upload for testing security team * Included 07_fix_CVE-2007-4323.dpatch to fix CVE-2007-4323 (Closes: #438162). Files: a04e227f2332ad4696ee40a764ccd9e5 713 net optional denyhosts_2.6-2.1.dsc 4e537f64be9aa32414a3f03722bdcc31 33975 net optional denyhosts_2.6-2.1.diff.gz ae56cd77766be74a7b731ac5350299fb 62784 net optional denyhosts_2.6-2.1_all.deb -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGw5/yHYflSXNkfP8RAosUAKCsoUMbMD5scAfZKi5V1eWYNwA4CQCeIwCR ZQz2rC8O0AYDFpfSBVOnGP8= =QqN0 -END PGP SIGNATURE- ---End Message---