Your message dated Mon, 28 Nov 2005 02:47:13 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#323919: fixed in logwatch 7.1-1
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 19 Aug 2005 08:44:41 +0000
Content-Type: multipart/mixed; boundary="===============0337370160=="
MIME-Version: 1.0
From: Taco IJsselmuiden <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: logwatch: script 'http' has incorrect exploit pattern for /../../../
X-Mailer: reportbug 3.15
Date: Fri, 19 Aug 2005 10:44:03 +0200
Message-Id: <[EMAIL PROTECTED]>
This is a multi-part MIME message sent by reportbug.
--===============0337370160==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Package: logwatch
Version: 6.1.2-1
Severity: normal
Tags: patch
The script 'http' uses '/../../../' as an exploit pattern.
This causes things like '/dat/cjf/00/20/38/13.js' to match (which aren't
exploits).
The attached patch changes this to '/\.\./\.\./\.\./', which fixes this
problem.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.10-4
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Versions of packages logwatch depends on:
ii mailx 1:8.1.2-0.20050715cvs-1 A simple mail user agent
ii perl 5.8.7-4 Larry Wall's Practical Extraction
logwatch recommends no packages.
-- no debconf information
--===============0337370160==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
filename="patch.logwatch-6.1.2.fix-exploit-pattern.diff"
diff -ur logwatch-6.1.2.debian/scripts/services/http
logwatch-6.1.2/scripts/services/http
--- logwatch-6.1.2.debian/scripts/services/http 2005-06-14 07:16:17.000000000
+0200
+++ logwatch-6.1.2/scripts/services/http 2005-08-19 09:54:52.209780234
+0200
@@ -250,7 +250,7 @@
#
my @exploits = (
'null',
- '/../../../',
+ '/\.\./\.\./\.\./',
'../../config.sys',
'/../../../autoexec.bat',
'/../../windows/user.dat',
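Review bot: the three context entries directly after the changed line ('../../config.sys', '/../../../autoexec.bat', '/../../windows/user.dat') still contain unescaped '.', so if they are matched the same way as '/../../../' they can produce the same kind of false match the report describes. That applies to the '.' in 'config.sys', 'autoexec.bat' and 'user.dat' as well as to the '..' segments. Escape these entries in the same patch, or quote every entry at the point where the list is matched (\Q...\E or quotemeta), so that entries added later cannot reintroduce the problem.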
--===============0337370160==--
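The false match from the report, reproduced as an added example (not logwatch's own code and not part of the original message). It assumes each `@exploits` entry is interpolated into a case-insensitive Perl match; the second and third sample paths are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Entries from the patch context; the first is the pre-patch form.
my @exploits = (
    '/../../../',
    '../../config.sys',
    '/../../../autoexec.bat',
    '/../../windows/user.dat',
);

# First path is the one quoted in the report; the other two are constructed.
my @paths = (
    '/dat/cjf/00/20/38/13.js',
    '/cgi-bin/../../../autoexec.bat',
    '/js/v2/config-sys.html',
);

# Signatures that hit $path. Mode 'regex' interpolates the entry as a pattern
# (assumed usage); mode 'literal' runs it through quotemeta first.
sub hits {
    my ($path, $mode) = @_;
    return grep {
        my $re = $mode eq 'literal' ? quotemeta($_) : $_;
        $path =~ /$re/i;
    } @exploits;
}

for my $path (@paths) {
    my %literal = map { $_ => 1 } hits($path, 'literal');
    my @regex   = hits($path, 'regex');
    # Hits that disappear once the entry is quoted exist only because '.'
    # matched an arbitrary character.
    my @loose = grep { !$literal{$_} } @regex;
    printf "%-32s literal=%d regex=%d\n",
        $path, scalar(keys %literal), scalar(@regex);
    print "    wildcard-only hit: $_\n" for @loose;
}
```

Running the same comparison over a day of real access-log paths shows which signatures in a list owe their hits to unescaped metacharacters.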
---------------------------------------
Received: (at 323919-close) by bugs.debian.org; 28 Nov 2005 10:51:24 +0000
From: Willi Mann <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.60 $
Subject: Bug#323919: fixed in logwatch 7.1-1
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Mon, 28 Nov 2005 02:47:13 -0800
Source: logwatch
Source-Version: 7.1-1
We believe that the bug you reported is fixed in the latest version of
logwatch, which is due to be installed in the Debian FTP archive:
logwatch_7.1-1.diff.gz
to pool/main/l/logwatch/logwatch_7.1-1.diff.gz
logwatch_7.1-1.dsc
to pool/main/l/logwatch/logwatch_7.1-1.dsc
logwatch_7.1-1_all.deb
to pool/main/l/logwatch/logwatch_7.1-1_all.deb
logwatch_7.1.orig.tar.gz
to pool/main/l/logwatch/logwatch_7.1.orig.tar.gz
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Willi Mann <[EMAIL PROTECTED]> (supplier of updated logwatch package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 19 Nov 2005 16:39:24 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 7.1-1
Distribution: unstable
Urgency: low
Maintainer: Willi Mann <[EMAIL PROTECTED]>
Changed-By: Willi Mann <[EMAIL PROTECTED]>
Description:
logwatch - log analyser with nice output written in Perl
Closes: 317894 317913 323919
Changes:
logwatch (7.1-1) unstable; urgency=low
.
* New upstream release
- new standards version 3.6.2 (no changes)
- Closes: #317894, frequent typo "IngnoreUnmatched" in various scripts,
Closes: #317913, fixes in pure-ftpd
both fixes by Piotr Krukowiecki (thanks)
- Closes: #323919, regexes for http exploits did not escape "."
thanks to Taco IJsselmuiden for the report
* Cope with the new directory layout.
- There is a preinst script now, that removes unneeded config files.
- README.Debian updated
- NEWS.Debian added
- debian/rules updated
* This package is now maintained as project "pkg-logwatch" on
alioth.debian.org. The svn repository is on svn.debian.org.
* Depend on gawk, and explicitly use it in zz-disk_space. Seems that there is
some GNUism.
Files:
fbd5d72d4a790ab87674cd70ec2d8820 560 admin optional logwatch_7.1-1.dsc
6abe774abb10f45472c387f5e646a251 209486 admin optional logwatch_7.1.orig.tar.gz
d04dbce6dba7101b8256d601996b8e19 13514 admin optional logwatch_7.1-1.diff.gz
f1ee084fb39704424e06c069afaf1f3b 216712 admin optional logwatch_7.1-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDitxKliSD4VZixzQRAgfZAJ428Q8EvJ5tBDR+BOZ3qLVwAu+ZwACcC1i1
tXtxKjeq8hOi5/6n0DOh3sQ=
=OPzF
-----END PGP SIGNATURE-----