On Mon, Jun 02, 2014 at 11:10:54PM +0200, matteo filippetto wrote:
> Hi,
>
> I was looking at CVE-2009-5023 of fail2ban: as reported in this page
> https://security-tracker.debian.org/tracker/source-package/fail2ban
> squeeze should be vulnerable.
>
> But looking at the code (apt-get source fail2ban) I saw no evidence of
> the bug...so I installed fail2ban and the config files (
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=544232 ) are
> correct (i.e. use /var/run/failban and not /tmp )
>
> Moreover
>
> http://metadata.ftp-master.debian.org/changelogs//main/f/fail2ban/fail2ban_0.8.4-3+squeeze2_changelog
>
> states that #544232 was closed in fail2ban (0.8.4-3+squeeze1).
>
> Maybe I'm wrong ... if so, please tell me what I'm missing.

You're right, the security tracker data is incomplete here.

Do you want to update the data yourself? If so, please create an Alioth
handle and tell us the username (it should end in -guest if you're not a DD).
Then make an SVN checkout and edit the squeeze entry for CVE-2009-5023
in data/CVE/list (the format is explained in greater detail in
https://security-tracker.debian.org/tracker/data/report).

Cheers,
Moritz
