Your message dated Tue, 28 Oct 2008 23:47:06 +0000
with message-id <[EMAIL PROTECTED]>
and subject line Bug#483160: fixed in snort 2.7.0-20.2
has caused the Debian Bug report #483160,
regarding CVE-2008-1804: possibility to bypass detection rules
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [EMAIL PROTECTED]
immediately.)


-- 
483160: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483160
Debian Bug Tracking System
Contact [EMAIL PROTECTED] with problems
--- Begin Message ---
Package: snort
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE(0) has been issued against snort.

CVE-2008-1804:

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment.

The upstream patch is here(1), but I guess it has to be backported.


In case you fix this issue by an upload, please mention the CVE id in
your changelog.

Cheers
Steffen

(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804

(1): 
http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h



--- End Message ---
--- Begin Message ---
Source: snort
Source-Version: 2.7.0-20.2

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:

snort-common-libraries_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-common-libraries_2.7.0-20.2_i386.deb
snort-common_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-common_2.7.0-20.2_all.deb
snort-doc_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-doc_2.7.0-20.2_all.deb
snort-mysql_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-mysql_2.7.0-20.2_i386.deb
snort-pgsql_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-pgsql_2.7.0-20.2_i386.deb
snort-rules-default_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-rules-default_2.7.0-20.2_all.deb
snort_2.7.0-20.2.dsc
  to pool/main/s/snort/snort_2.7.0-20.2.dsc
snort_2.7.0-20.2.tar.gz
  to pool/main/s/snort/snort_2.7.0-20.2.tar.gz
snort_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort_2.7.0-20.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated snort 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Oct 2008 21:32:48 +0100
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql 
snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20.2
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description: 
 snort      - flexible Network Intrusion Detection System
 snort-common - flexible Network Intrusion Detection System [common files]
 snort-common-libraries - flexible Network Intrusion Detection System ruleset
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes: 
 snort (2.7.0-20.2) testing-proposed-updates; urgency=high
 .
   * Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see
     below). This package cannot go through sid since the sid build uses
     a newer libpcre version not available in lenny. (Closes: #483160)
Checksums-Sha1: 
 11c814ecf3458b7fa5ecbba21dcf1f5b8eef9356 1159 snort_2.7.0-20.2.dsc
 4677e65e5a90431e8edfd245cceaa3a4f24ff3f1 4706542 snort_2.7.0-20.2.tar.gz
 704a382ae51ba5ded94c43020f6104983d74b321 463306 snort_2.7.0-20.2_i386.deb
 f189c1b15d57abab99036e1744578a2f4b9c1052 474262 snort-mysql_2.7.0-20.2_i386.deb
 92648eb74dcb3a506963cda9067cb57bd8c97f7e 474066 snort-pgsql_2.7.0-20.2_i386.deb
 15c709f15d61ec6f4986dad742611c6ea6cec790 244386 
snort-common-libraries_2.7.0-20.2_i386.deb
 3422a0cd6d9b3dc7159818f9f89e202dd01460d3 147192 snort-common_2.7.0-20.2_all.deb
 aba4e7bb1290ccad1ffba4374ddd0b22968b3fc1 2303642 snort-doc_2.7.0-20.2_all.deb
 9bd77859a670f5e61e63ab47b3c6f0029360502c 401990 
snort-rules-default_2.7.0-20.2_all.deb
Checksums-Sha256: 
 d0a134ed1363abdf6efda6f8314d5610c298ca037c8009f09cf20f89830ea4ef 1159 
snort_2.7.0-20.2.dsc
 62aadabe12b71b34ae471852999063c448b4e7a88af771a074a78f512e6011c8 4706542 
snort_2.7.0-20.2.tar.gz
 864ecbafc71d79f5ebc13d880cbbd4aed6b012df9dbc0f302e77bb6ab52176d2 463306 
snort_2.7.0-20.2_i386.deb
 879d3803d45d6d8d98b6a47e862ec2626961bb98c57ac4083dfcdaf9c2e9b7d6 474262 
snort-mysql_2.7.0-20.2_i386.deb
 82f60f51e495625dfe012081ab5c4db7fc94db3a10df48b091bf3598c90db06b 474066 
snort-pgsql_2.7.0-20.2_i386.deb
 24600555157060678bb22ac982c6a4f2a291c2ccb332234f278b8bb8e19ccf29 244386 
snort-common-libraries_2.7.0-20.2_i386.deb
 258d529621b0a321b1aa6571f5b3a1d9f1f9b5b8da934c1455ed93fba1c75d74 147192 
snort-common_2.7.0-20.2_all.deb
 11a7312188d720cf35899e9717d4e74d10dcd5dfbcc6a317ee00f41f2605da34 2303642 
snort-doc_2.7.0-20.2_all.deb
 a2eb936eeecf3394473f86acc353142351fc6b34f9440a3054236ce29bad4fe4 401990 
snort-rules-default_2.7.0-20.2_all.deb
Files: 
 f1902496c3fa1f3ce3fca4e316c0b13c 1159 net optional snort_2.7.0-20.2.dsc
 a18544065a34cbf82c9e6e7f9f0f2620 4706542 net optional snort_2.7.0-20.2.tar.gz
 71bdbfbff5007f130331e17ce2adfdd4 463306 net optional snort_2.7.0-20.2_i386.deb
 6d695ca672f19c8e9fefccfadb62e025 474262 net extra 
snort-mysql_2.7.0-20.2_i386.deb
 ecb949d80bd36b509a150921630f2f26 474066 net optional 
snort-pgsql_2.7.0-20.2_i386.deb
 481815960dde1211fe482c67094aa0b3 244386 net optional 
snort-common-libraries_2.7.0-20.2_i386.deb
 cf75ebc8a2805e4efce17e4569fb53d8 147192 net optional 
snort-common_2.7.0-20.2_all.deb
 e5d9140fad0dd7f964a94ceed3ebd67b 2303642 doc optional 
snort-doc_2.7.0-20.2_all.deb
 e34cbf9c10e4a9bf9952ce1709e0dac9 401990 net optional 
snort-rules-default_2.7.0-20.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJB6G6sandgtyBSwkRAt6VAJ90K14fzQl+TyK/RllO7Qo1qgsqqQCcD6MG
FF3wvaLotz3YhsEvz6zlybQ=
=rkC+
-----END PGP SIGNATURE-----



--- End Message ---

Reply via email to