diff -u denyhosts-2.6/debian/control denyhosts-2.6/debian/control --- denyhosts-2.6/debian/control +++ denyhosts-2.6/debian/control @@ -1,7 +1,8 @@ Source: denyhosts Section: net Priority: optional -Maintainer: Marco Bertorello +Maintainer: Ubuntu MOTU Developers +XSBC-Original-Maintainer: Marco Bertorello Uploaders: Marco Nenciarini Build-Depends: cdbs (>= 0.4.43), debhelper (>= 5.0.37.1), dpatch, python, python-central (>= 0.5) Standards-Version: 3.7.2.0 diff -u denyhosts-2.6/debian/changelog denyhosts-2.6/debian/changelog --- denyhosts-2.6/debian/changelog +++ denyhosts-2.6/debian/changelog @@ -1,3 +1,15 @@ +denyhosts (2.6-1ubuntu0.1) feisty-security; urgency=low + + * SECURITY UPDATE: hosts not denied (LP: #133569), and possible denial of + service (LP: #162406). + * debian/patches/{06_CVE-2007-5715,07_CVE-2007-4323}.dpatch: Add patches + from Debian. + * References + CVE-2007-5715 + CVE-2007-4323 + + -- William Grant Tue, 13 Nov 2007 23:31:18 +1100 + denyhosts (2.6-1) unstable; urgency=high * New upstram release (Closes: #401795) diff -u denyhosts-2.6/debian/patches/00list denyhosts-2.6/debian/patches/00list --- denyhosts-2.6/debian/patches/00list +++ denyhosts-2.6/debian/patches/00list @@ -5,0 +6,2 @@ +06_CVE-2007-5715.dpatch +07_CVE-2007-4323.dpatch only in patch2: unchanged: --- denyhosts-2.6.orig/debian/patches/07_CVE-2007-4323.dpatch +++ denyhosts-2.6/debian/patches/07_CVE-2007-4323.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 07_CVE-2007-4323.dpatch by Nico Golde +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad denyhosts-2.6~/DenyHosts/regex.py denyhosts-2.6/DenyHosts/regex.py +--- denyhosts-2.6~/DenyHosts/regex.py 2006-12-07 20:47:04.000000000 +0100 ++++ denyhosts-2.6/DenyHosts/regex.py 2007-08-16 02:48:29.000000000 +0200 +@@ -17,7 +17,7 @@ + + FAILED_ENTRY_REGEX4 = re.compile(r"""Authentication failure for (?P.*) .*from (?P.*)""") + +-FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) .*from (?P.*) not allowed because none of user's groups are listed in AllowGroups""") ++FAILED_ENTRY_REGEX5 = re.compile(r"""User (?P.*) .*from (?P.*) not allowed because none of user's groups are listed in AllowGroups$""") + + FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + only in patch2: unchanged: --- denyhosts-2.6.orig/debian/patches/06_CVE-2007-5715.dpatch +++ denyhosts-2.6/debian/patches/06_CVE-2007-5715.dpatch @@ -0,0 +1,19 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 06_CVE-2007-5715.dpatch by +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: No description. + +@DPATCH@ +diff -urNad denyhosts-2.6~/DenyHosts/regex.py denyhosts-2.6/DenyHosts/regex.py +--- denyhosts-2.6~/DenyHosts/regex.py 2007-05-15 21:08:18.000000000 +0200 ++++ denyhosts-2.6/DenyHosts/regex.py 2007-05-15 21:09:39.000000000 +0200 +@@ -21,7 +21,7 @@ + + FAILED_ENTRY_REGEX6 = re.compile(r"""Did not receive identification string .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3})""") + +-FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) not allowed because not listed in AllowUsers""") ++FAILED_ENTRY_REGEX7 = re.compile(r"""User (?P.*) .*from (::ffff:)?(?P\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers""") + + + # these are reserved for future versions