I never said 'prior to 0.6'. I said that it is fixed in etch version which is 0.7.5-2, where failregex looks like

failregex = (?:(?:Authentication failure|Failed [-/\w+]+) for(?: [iI](?:llegal|nvalid) user)?|[Ii](?:llegal|nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>

which is different from the one reported in the bug report against the ubuntu package.

So please clarify what actual failregex in what versions of fail2ban shipped with ubuntu you have... and if they are different to corresponding ones in debian.

On Wed, 12 Dec 2007, Jamie Strandboge wrote:

> Yaroslav, your comment toward the end of the debian bug report says that
> this is fixed in debian prior to 0.6, but here you say it is still
> vulnerable. Since ubuntu uses debian source packages, I am confused by
> your statements. Can you clarify?

> ** Changed in: fail2ban (Ubuntu Edgy)
> Status: Confirmed => Incomplete

> ** Changed in: fail2ban (Ubuntu Dapper)
> Status: Confirmed => Incomplete

--
Yaroslav Halchenko
Ph.D. Student CS Dept. NJIT

--
Denial of service through log injection in fail2ban
https://bugs.launchpad.net/bugs/121374