Your message dated Sun, 01 Feb 2026 12:28:20 +0000
with message-id <[email protected]>
and subject line Bug#894821: fixed in snuffleupagus 0.12.0-1
has caused the Debian Bug report #894821,
regarding ITP: snuffleupagus -- Security module for php7 - Killing bugclasses
and virtual-patching the rest
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
894821: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894821
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: wnpp
Owner: Georg Faerber <[email protected]>
Severity: wishlist
Package name : snuffleupagus
Version : 0.2.2
Upstream Author : 2017 NBS System
URL : https://github.com/nbs-system/snuffleupagus
License : GNU Lesser General Public License v3.0
Programming Lang: C / PHP
Description : security module for php7
snuffleupagus is a PHP 7+ module designed to drastically raise the cost
of attacks against websites, by killing entire bug classes. It also
provides a powerful virtual-patching system, allowing administrators to
fix specific vulnerabilities and audit suspicious behaviours without
having to touch the PHP code.
Key Features
- Close to zero performance impact
- Powerful yet simple to write virtual-patching rules
- Killing several classes for vulnerabilities
- Unserialize-based code execution
- mail-based code execution
- Cookie-stealing XSS
- File-upload based code execution
- Weak PRNG
- XXE
Hardening features
- Automatic secure and samesite flag for cookies
- Bundled set of rule to detect post-compromissions behaviours
- Global strict mode
- Preventing writeable files execution
- Whitelist/blacklist for eval
- Request dumping capability
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
Source: snuffleupagus
Source-Version: 0.12.0-1
Done: Christian Göttsche <[email protected]>
We believe that the bug you reported is fixed in the latest version of
snuffleupagus, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Christian Göttsche <[email protected]> (supplier of updated snuffleupagus
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 23 Aug 2025 14:56:41 +0200
Binary: php-snuffleupagus php-snuffleupagus-dbgsym
Source: snuffleupagus
Architecture: arm64 source
Version: 0.12.0-1
Distribution: unstable
Urgency: medium
Maintainer: Christian Göttsche <[email protected]>
Changed-By: Christian Göttsche <[email protected]>
Closes: 894821
Description:
php-snuffleupagus - Security module for php7 and php8
Changes:
snuffleupagus (0.12.0-1) unstable; urgency=medium
.
* Initial Release. (Closes: #894821)
Checksums-Sha1:
cf416506c8162853fcce506ef9ecb1fa44364e61 214076
php-snuffleupagus-dbgsym_0.12.0-1_arm64.deb
94ee72a1e192de776c9d396d915148dad2eb7eaf 71028
php-snuffleupagus_0.12.0-1_arm64.deb
5ffc1ee5cfccf354afb1b2785a1b30b50d302b12 7627
snuffleupagus_0.12.0-1_arm64.buildinfo
8b7f501eebde5cc75338fe96a2e4f0dc3018a436 1969 snuffleupagus_0.12.0-1.dsc
86323a7202a41792bfa9d67d55c3ce368ff45e57 561944
snuffleupagus_0.12.0.orig.tar.xz
43545efdabf0eb206fb3db6911b43bba2d66cc7c 4504
snuffleupagus_0.12.0-1.debian.tar.xz
Checksums-Sha256:
d3cd997b2a209445abc7d85d7c880521833fcb7140632541fce497936354b483 214076
php-snuffleupagus-dbgsym_0.12.0-1_arm64.deb
22a28596814e399598b5ed4cad060854e491e9b62ab55853ffa76db0ed2c18a1 71028
php-snuffleupagus_0.12.0-1_arm64.deb
89d903e6c55d2ae031fa9abdf5ca7c6e36c542bccd909c36f9d527f402da554f 7627
snuffleupagus_0.12.0-1_arm64.buildinfo
c8873d5a7310697c3372d9050f0baf2c9f1fad69aacd24b1fe201cffc80da5f1 1969
snuffleupagus_0.12.0-1.dsc
98f8b0de28ad8c876f09742863e0a0f68ce3b0fc7f4c9484cb7037669abee12e 561944
snuffleupagus_0.12.0.orig.tar.xz
5384b86b054068359dc8030e31ce3fa319206f7f22750958f88db0925d074a2e 4504
snuffleupagus_0.12.0-1.debian.tar.xz
Files:
be70f202e181f82f60da358c493684a5 214076 debug optional
php-snuffleupagus-dbgsym_0.12.0-1_arm64.deb
61342b9d84a66dacad67f51ced1a10de 71028 php optional
php-snuffleupagus_0.12.0-1_arm64.deb
d89276a403e73d3aeb355d6018596f72 7627 php optional
snuffleupagus_0.12.0-1_arm64.buildinfo
eb0520f27b684b042b9eff3ec3e6143e 1969 php optional snuffleupagus_0.12.0-1.dsc
829ba929ea3ef9887e3d2ad51f3fb472 561944 php optional
snuffleupagus_0.12.0.orig.tar.xz
1eeca5e71cdc574279a24fd92e85546b 4504 php optional
snuffleupagus_0.12.0-1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEfRrP+tnggGycTNOSXBPW25MFLgMFAmisOZYACgkQXBPW25MF
LgOb+Q//aeijhahUs16QXDVlaFO0kIMlcgvKuk8PcC5z7AITIIOhsfL1C/HoNVCG
YKu9Vz0pD+3zwWLMzJn6GejZcWitjMNzC6FYo1SWGoPTwuqycGX+yuYHqiZUZaMP
eb0AhvK+BYgxraY8I3+ZztC9Qqaiw1GoWK5l7sqoCU541MO8VYoxuznwzp7BIqQQ
1gzVkP+Oh3KDF+LLvxEhYyVpJny+Rh68Om9kqYu5JTsEJ78Up+QaP+zV5OyBUjBQ
RRqpT+CptKwFv6s3izkiZwZitrSjx++P677mQ5/CLwMS1Ble6YBoUehz3v/goMUq
DZ7GdBtdabX0lrZZS6OppR0zdG3WQdWNa5yXW9c/GZ1Vt1Wf9Vhnrn43+EkbokiD
Df41eladHI9H/VVU1Hf/dTHuayD29EGf11v68jwO/H47p80BG0jAk/OZmKUzQo+L
MzK3pEJqjBbkYY3NUGmUJhH7i+WDKZCrBw2ietEqKTwj4AQcJ1Qg9MBPPJmGQiE5
wGPLqHolBt5VrCybxp6e+h5sW6PvZfPQVq1Cl6c9P6cXd/yWdIcWAGt/z897psG3
S6EnjrA3L5R3BREtPMxBfrNo4ci/H8Bh/UQbXfQD/BalXGm7lsTWQCxTKgp+5cL6
MmhKkeLi+pNYo7MCEDYkrTbSYZnJUsOVAr67V/Gw0B3jgqi47wA=
=KbGG
-----END PGP SIGNATURE-----
pgpIhgZvkqI_z.pgp
Description: PGP signature
--- End Message ---
