Your message dated Tue, 01 Nov 2005 06:17:10 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#307712: fixed in acidlab 0.9.6b20-13
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 4 May 2005 21:43:58 +0000
>From [EMAIL PROTECTED] Wed May 04 14:43:58 2005
Return-path: <[EMAIL PROTECTED]>
Received: from blackhole.x-tec.de [62.180.107.114]
by spohr.debian.org with esmtp (Exim 3.35 1 (Debian))
id 1DTRew-00028t-00; Wed, 04 May 2005 14:43:58 -0700
Received: from [192.168.1.250] (helo=hermes.x-tec.de)
by blackhole.x-tec.de with esmtp (Exim 4.43)
id 1DTTWs-0007ah-71
for [EMAIL PROTECTED]; Thu, 05 May 2005 01:43:50 +0200
Message-ID: <[EMAIL PROTECTED]>
Date: Wed, 04 May 2005 23:43:01 +0200
From: "Uwe A. P. Wuerdinger" <[EMAIL PROTECTED]>
User-Agent: Mozilla Thunderbird 1.0 (Windows/20041206)
X-Accept-Language: en-us, en
MIME-Version: 1.0
To: [EMAIL PROTECTED]
Subject: acidlab: Year selection drop down boxes are not usefull in 2005 and
>.
Content-Type: multipart/mixed;
boundary="------------060907030509070108010204"
X-Spam-Score: -2.8 (--)
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Status: No, hits=-5.1 required=4.0 tests=BAYES_00,HAS_PACKAGE,
HTML_40_50,HTML_MESSAGE autolearn=no
version=2.60-bugs.debian.org_2005_01_02
X-Spam-Level:
This is a multi-part message in MIME format.
--------------060907030509070108010204
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Package: acidlab
Version: 0.9.6b20-10
Severity: normal
Tags: patch
*** Please type your report below this line ***
For most of the selectin queries the values of the Year selection drop
down boxes
are useless on current systems. Included is a patch that replaces the
values to hopefully
keep acidlab usefull 'till 2010
-- System Information:
Debian Release: 3.1
APT prefers testing
APT policy: (500, 'testing')
Architecture: sparc (sparc64)
Kernel: Linux 2.6.8-2-sparc64
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages acidlab depends on:
ii acidlab-mysql 0.9.6b20-10 Analysis Console for
Intrusion Dat
ii apache2-mpm-prefork [http 2.0.54-2 traditional model for Apache2
ii debconf 1.4.30.13 Debian configuration
management sy
ii libphp-adodb 4.52-1 The 'adodb' database
abstraction l
ii libphp-phplot 4.4.6+5.0rc1-2 The graphic library for PHP
ii php4 4:4.3.10-13 server-side, HTML-embedded
scripti
ii php4-cli 4:4.3.10-13 command-line interpreter
for the p
ii php4-gd 4:4.3.10-13 GD module for php4
ii wwwconfig-common 0.0.43 Debian web auto configuration
-- debconf information excluded
--------------060907030509070108010204
Content-Type: text/plain;
name="acidlab.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline;
filename="acidlab.diff"
diff /home/uwe/acidlab/acid_graph_main.php
/usr/share/acidlab/acid_graph_main.php
161,165c161,165
< <OPTION VALUE="2005" '.chk_select($chart_begin_year, "2005").'>2005
< <OPTION VALUE="2006" '.chk_select($chart_begin_year, "2006").'>2006
< <OPTION VALUE="2007" '.chk_select($chart_begin_year, "2007").'>2007
< <OPTION VALUE="2008" '.chk_select($chart_begin_year, "2008").'>2008
< <OPTION VALUE="2009" '.chk_select($chart_begin_year, "2009").'>2009
---
> <OPTION VALUE="1999" '.chk_select($chart_begin_year, "1999").'>1999
> <OPTION VALUE="2000" '.chk_select($chart_begin_year, "2000").'>2000
> <OPTION VALUE="2001" '.chk_select($chart_begin_year, "2001").'>2001
> <OPTION VALUE="2002" '.chk_select($chart_begin_year, "2002").'>2002
> <OPTION VALUE="2003" '.chk_select($chart_begin_year, "2003").'>2003
198,204c198,203
< <OPTION VALUE="2005" '.chk_select($chart_end_year, "2005").'>2005
< <OPTION VALUE="2006" '.chk_select($chart_end_year, "2006").'>2006
< <OPTION VALUE="2007" '.chk_select($chart_end_year, "2007").'>2007
< <OPTION VALUE="2008" '.chk_select($chart_end_year, "2008").'>2008
< <OPTION VALUE="2009" '.chk_select($chart_end_year, "2009").'>2009
< <OPTION VALUE="2010" '.chk_select($chart_end_year, "2010").'>2010
< </SELECT>';
---
> <OPTION VALUE="1999" '.chk_select($chart_end_year, "1999").'>1999
> <OPTION VALUE="2000" '.chk_select($chart_end_year, "2000").'>2000
> <OPTION VALUE="2001" '.chk_select($chart_end_year, "2001").'>2001
> <OPTION VALUE="2002" '.chk_select($chart_end_year, "2002").'>2002
> <OPTION VALUE="2003" '.chk_select($chart_end_year, "2003").'>2003
> </SELECT>';
diff /home/uwe/acidlab/acid_state_citems.inc
/usr/share/acidlab/acid_state_citems.inc
735,740c735,740
< echo ' <OPTION VALUE="2005"
'.chk_select($this->criteria[$i][4],"2005").'>2005';
< echo ' <OPTION VALUE="2006"
'.chk_select($this->criteria[$i][4],"2006").'>2006';
< echo ' <OPTION VALUE="2007"
'.chk_select($this->criteria[$i][4],"2007").'>2007';
< echo ' <OPTION VALUE="2008"
'.chk_select($this->criteria[$i][4],"2008").'>2008';
< echo ' <OPTION VALUE="2009"
'.chk_select($this->criteria[$i][4],"2009").'>2009';
< echo ' <OPTION VALUE="2010"
'.chk_select($this->criteria[$i][4],"2010").'>2010</SELECT>';
---
> echo ' <OPTION VALUE="1999"
> '.chk_select($this->criteria[$i][4],"1999").'>1999';
> echo ' <OPTION VALUE="2000"
> '.chk_select($this->criteria[$i][4],"2000").'>2000';
> echo ' <OPTION VALUE="2001"
> '.chk_select($this->criteria[$i][4],"2001").'>2001';
> echo ' <OPTION VALUE="2002"
> '.chk_select($this->criteria[$i][4],"2002").'>2002';
> echo ' <OPTION VALUE="2003"
> '.chk_select($this->criteria[$i][4],"2003").'>2003';
> echo ' <OPTION VALUE="2004"
> '.chk_select($this->criteria[$i][4],"2004").'>2004</SELECT>';
diff /home/uwe/acidlab/acid_stat_time.php /usr/share/acidlab/acid_stat_time.php
189,194c189,194
< <OPTION VALUE="2005" '.chk_select($time[$i][2],"2005").'>2005
< <OPTION VALUE="2006" '.chk_select($time[$i][2],"2006").'>2006
< <OPTION VALUE="2007" '.chk_select($time[$i][2],"2007").'>2007
< <OPTION VALUE="2008" '.chk_select($time[$i][2],"2008").'>2008
< <OPTION VALUE="2009" '.chk_select($time[$i][2],"2009").'>2009
< <OPTION VALUE="2010" '.chk_select($time[$i][2],"2009").'>2010
---
> <OPTION VALUE="1999" '.chk_select($time[$i][2],"1999").'>1999
> <OPTION VALUE="2000" '.chk_select($time[$i][2],"2000").'>2000
> <OPTION VALUE="2001" '.chk_select($time[$i][2],"2001").'>2001
> <OPTION VALUE="2002" '.chk_select($time[$i][2],"2002").'>2002
> <OPTION VALUE="2003" '.chk_select($time[$i][2],"2003").'>2003
> <OPTION VALUE="2004" '.chk_select($time[$i][2],"2003").'>2004
--------------060907030509070108010204--
---------------------------------------
Received: (at 307712-close) by bugs.debian.org; 1 Nov 2005 14:17:35 +0000
>From [EMAIL PROTECTED] Tue Nov 01 06:17:35 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 3.36 1 (Debian))
id 1EWwwo-0005yu-00; Tue, 01 Nov 2005 06:17:10 -0800
From: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.56 $
Subject: Bug#307712: fixed in acidlab 0.9.6b20-13
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Tue, 01 Nov 2005 06:17:10 -0800
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
X-CrossAssassin-Score: 2
Source: acidlab
Source-Version: 0.9.6b20-13
We believe that the bug you reported is fixed in the latest version of
acidlab, which is due to be installed in the Debian FTP archive:
acidlab-doc_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-doc_0.9.6b20-13_all.deb
acidlab-mysql_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-mysql_0.9.6b20-13_all.deb
acidlab-pgsql_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab-pgsql_0.9.6b20-13_all.deb
acidlab_0.9.6b20-13.diff.gz
to pool/main/a/acidlab/acidlab_0.9.6b20-13.diff.gz
acidlab_0.9.6b20-13.dsc
to pool/main/a/acidlab/acidlab_0.9.6b20-13.dsc
acidlab_0.9.6b20-13_all.deb
to pool/main/a/acidlab/acidlab_0.9.6b20-13_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]> (supplier of updated
acidlab package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 30 Oct 2005 22:05:35 +0100
Source: acidlab
Binary: acidlab-doc acidlab-pgsql acidlab acidlab-mysql
Architecture: source all
Version: 0.9.6b20-13
Distribution: unstable
Urgency: high
Maintainer: Jeremy T. Bouse <[EMAIL PROTECTED]>
Changed-By: Javier Fernandez-Sanguino Pen~a <[EMAIL PROTECTED]>
Description:
acidlab - Analysis Console for Intrusion Databases
acidlab-doc - Analysis Console for Intrusion Databases (documentation)
acidlab-mysql - Analysis Console for Intrusion Databases for MySQL
acidlab-pgsql - Analysis Console for Intrusion Databases for Postgres
Closes: 155212 247730 270171 303217 307712 314566 315135 331732
Changes:
acidlab (0.9.6b20-13) unstable; urgency=high
.
* Patch [013] SECURITY fix:
- Add proper filtering in all ImportHTTP variables using either the new
functions to check for numeric/alphanumeric chars or the filterSql()
function to prevent SQL injection attacks. This patch fixes CVE-2005-3325
but also other attack vectors not mentioned in the initial advisory
(http://www.frsirt.com/english/advisories/2005/2188)
* Patch [014] Updated dates of php selections up to 2007
* Changed patch [010]: fix locations of Nessus
* New patch [015]: fix location of Snort database, provided alternative
Ports lookup and added alternative locations for DNS queries (Closes:
#315135)
* Fixed FSF address in debian/copyright
* Patch [016]: Allow graphic data to be represented until 2007. This patch
together with patch [014] means that acid's last date is 2007 which should
be
enough since we are going to replace it with BASE in the short term
(Closes: #314566, #307712, #303217, #270171)
* Document the changes that need to be done in order to extend the available
year options (Closes: #247730)
* Added a debian/TODO to describe how to fix the issue with new years with a
simple for each loop.
* Acidlab now depends on "| debconf-2.0" as requested by Joey Hess, I
changed debian/packages instead of debian/control this time (Closes:
#331732)
* To reduce the risk of possible vulnerabilities in the code, made the
default apache.conf allow access only from localhost and document this in
the README file
* Document the fact that this version is actually 0.9.6b20+patches from the
latest upstream release 0.9.6b23 and that the later will never be
released. (Closes: #155212)
* Added the upstream homepage to all package descriptions.
Files:
738b1a585919b2b924e24fbb34ce3be7 840 web extra acidlab_0.9.6b20-13.dsc
7b39c7253ad82010d391af41e4c97d14 354649 web extra acidlab_0.9.6b20-13.diff.gz
379034fb2cff2fdfa89544ed970337ed 5212 web extra
acidlab-mysql_0.9.6b20-13_all.deb
9ef04ab7465ea79030e1a0730162dd8c 5212 web extra
acidlab-pgsql_0.9.6b20-13_all.deb
70d81053834bee5af9efe9a47a2b2b69 276742 web extra
acidlab-doc_0.9.6b20-13_all.deb
2a3bc0f45d4b6f7afbdc760715676563 663152 web extra acidlab_0.9.6b20-13_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iQCVAwUBQ2dxS/tEPvakNq0lAQI/TAQAqHql26lFMOqn1tMtptBx3NB8fO/UwSSq
Mvr/eQHkw6b1g3ep3P5EwMh7pPzVHphUVsV8HFUXCRcYWllxYS99bir7mNWrJmvh
eoBowIV/siRUUdZrNrrDQLbDW7ACgW05yE9yBBbHNw4cp9hVTbBVE1GWZv6BK6wJ
kn3TycSBiQc=
=fuif
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
