Hi, I was looking at CVE-2009-5023 of fail2ban: as reported in this page https://security-tracker.debian.org/tracker/source-package/fail2ban squeeze should be vulnerable.
But looking at the code (apt-get source fail2ban) I saw no evidence of the bug...so I installed fail2ban and the config files ( https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 ) are correct (i.e. use /var/run/failban and not /tmp ) Moreover http://metadata.ftp-master.debian.org/changelogs//main/f/fail2ban/fail2ban_0.8.4-3+squeeze2_changelog states that #544232 was closed in fail2ban (0.8.4-3+squeeze1). Maybe I'm wrong ... if so, please tell me what I'm missing. Regards -- Matteo Filippetto http://www.op83.eu @matteo_1983 -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected] Archive: https://lists.debian.org/CAP+0xm5eadVB=w8+ivj2RVbG45B38fQdzC-H0FnmX=mfdxo...@mail.gmail.com
