acidbase (1.2.1-4) unstable; urgency=low

  * Use dpatch system. Split .diff.gz into the following patches:
    (See patches descriptions for more details)
    - 01_default_config.dpatch
    - 02_update_external_links.dpatch
    - 04_fix_sql_injection.dpatch
    - 08_update_whois_servers.dpatch
    - 11_use_trim_to_avoid_signature_problems.dpatch
  * Use debhelper compat level 5 and update build-dependencies accordingly.
  * Initial Czech debconf translation, thanks Miroslav Kure!
    (Closes: #345309)
  * Fixed "Wrong $DBtype setup" bug: Use 'postgres' instead of 'postgresql'
    in db_type template (Closes: #347291)
  * Updated watch file.

 -- David Gil  Thu, 12 Jan 2006 22:33:16 +0100

acidbase (1.2.1-3) unstable; urgency=low

  * Fixed bug "Can't delete alerts". Don't filter action_chk_lst and
    action_lst http variables since they are arrays, not strings.
    (Closes: #341180)
  * I missed a colon in the last changelog entry, now really
    Closes: #338301.
  * Added debconf templates translation.
    + New spanish po file.
  * Added watch file

  [ Javier Fernandez-Sanguino Pen~a ]
  * Reformatted debian/README.Debian and fix names that were pointing to
    ACID

 -- David Gil  Fri, 02 Dec 2005 00:23:51 +0100

acidbase (1.2.1-2) unstable; urgency=low

  * Fixed broken searching and graph plotting (Closes #338301)
  * Removed debconf dependencies, ${misc:Depends} takes charge of them.
  * Always ask for webserver configuration in postinst.

 -- David Gil  Sat, 12 Nov 2005 16:03:02 +0100

acidbase (1.2.1-1) unstable; urgency=low

  [ David Gil ]
  * New upstream release.

  [ Javier Fernandez-Sanguino Pen~a ]
  * SECURITY FIX: Add proper filtering in all ImportHTTP variables using
    either the new functions to check for numeric/alphanumeric chars or
    the filterSql() function to prevent SQL injection attacks.
    This patch fixes CVE-2005-3325 but also other attack vectors not
    mentioned in the initial advisory
    (http://www.frsirt.com/english/advisories/2005/2188)
    (Closes: #336788)
  * To reduce the risk of possible vulnerabilities in the code, made the
    default apache.conf allow access only from localhost and document
    this in the (new) README.Debian file
  * Added dependency on "debconf | debconf-2.0"
  * Added alternative DNS lookups at Sam Spade
  * Changed default alert database in debconf prompt to 'snort_log'

 -- David Gil  Mon, 31 Oct 2005 15:41:55 +0100

acidbase (1.2-2) unstable; urgency=low

  * SECURITY FIX: SQL injection vulnerability (CVE-2005-3325)
    (Closes: #335998)
  * Install Apache configuration file if it is not present.

 -- David Gil  Sat, 29 Oct 2005 12:19:10 +0200

acidbase (1.2-1) unstable; urgency=low

  * New upstream release.
  * debian/copyright: Updated fsf's address.
  * debian/postinst: Fixed bashism (Used [] && [] instead of [ -a ]).

 -- David Gil  Mon, 17 Oct 2005 08:33:44 +0200

acidbase (1.1.4-2) unstable; urgency=low

  * Add /usr/share/php to apache configuration so that the Image_Graph
    libraries are included too
  * Fixed FSF address
  * Removed bashism from maintainer script

 -- Javier Fernandez-Sanguino Pen~a  Tue, 11 Oct 2005 23:49:58 +0200

acidbase (1.1.4-1) unstable; urgency=low

  [ David Gil ]
  * Initial release (Closes: #323923, #319389).
  * Add an Apache configuration file to Alias /acidbase.
  * Package configuration through debconf.
  * Modify sources so that they use a configuration file which is
    installed at /etc/acidbase/base_conf.php (owned by root, group
    www-data and mode 0640 since it contains sensitive information)

  [ Javier Fernandez-Sanguino Pen~a ]
  * Applied patches included in the acidlab package that apply to this
    package too:
    - acidlab.011.diff: Added trim() to GetSingleSignatureReference in
      order to avoid problems when signatures contain spaces (this
      happens with snortcenter)
    - acidlab.008.diff: update Whois servers' IP addresses
      (was Debian Bug #183623)
  * Fixed location of signatures for Nessus (although the previous link
    works) and for ICAT (it is now the NVD - National Vulnerability
    Database)

 -- David Gil  Wed, 24 Aug 2005 17:07:16 +0200