Bug 252290 (CVE-2007-4321)
Summary: | CVE-2007-4321 fail2ban DoS | | |
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Lubomir Kundrak <lkundrak> |
Component: | fail2ban | Assignee: | Axel Thimm <Axel.Thimm> |
Status: | CLOSED NOTABUG | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | medium | Priority: | medium |
Version: | 7 | Doc Type: | Bug Fix |
Hardware: | All | OS: | Linux |
URL: | http://www.ossec.net/en/attacking-loganalysis.html | Last Closed: | 2007-08-15 12:52:48 UTC |
Description
Lubomir Kundrak
2007-08-15 05:06:06 UTC
Axel: Please do _not_ ever close any bug (not even security bugs) without explaining a reason. And do _not_ ever put an entry that definitely describes a bug into NOTABUG state. Thanks.

Lubomir: Please do not ever file bugs w/o either

* _testing_ the package in question,
* _reviewing_ the actual package's source code or
* simply going through the trouble to read the package _changelog_.
* Or maybe even check _bugzilla_ first.

This definitely describes a bug _already fixed_ two months ago with a security erratum push to the official updates channel. So before taking a high attitude please pay attention to what is actually in Fedora, before doing the cut'n'paste from mitre. Other than doing a proper analysis you'll also save your and my time as a side-effect. Thanks.

https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00479.html
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244942

* Thu Jun 21 2007 Axel Thimm <Axel Thimm ATrpms net> - 0.8.0-9
- Fix remote log injection (no CVE assignment yet).

(In reply to comment #2)
> Lubomir: Please do not ever file bugs w/o either
>
> * _testing_ the package in question,
> * _reviewing_ the actual package's source code or
> * simply going through the trouble to read the package _changelog_.
> * Or maybe even check _bugzilla_ first.

Axel. If I was doing all this stuff for every CVE that is suspected to affect us, I'd probably need 50-hours days. If you volunteer for doing this work, you're welcome. It is usually more efficient if I just file a bug, track the CVE and maintainer, who usually knows the best either fixes the bug, or just closes the bug with _an appropriate comment_.

> This definitely describes a bug _already fixed_ two months ago with a security
> erratum push to the official updates channel. So before taking a high attitude
> please pay attention to what is actually in Fedora, before doing the cut'n'paste
> from mitre. Other than doing a proper analysis you'll also save your and my time
> as a side-effect. Thanks.
>
> https://www.redhat.com/archives/fedora-package-announce/2007-June/msg00479.html
> https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=244942

Partially my fault, I should have looked through updates without a CVE to see if this was fixed. Again, doing this for each issue without a CVE name we stumble upon consumes time.

>
> * Thu Jun 21 2007 Axel Thimm <Axel Thimm ATrpms net> - 0.8.0-9
> - Fix remote log injection (no CVE assignment yet).
>

If you are fixing a security issue without a CVE name, make sure it gets a CVE name. Usually it's best to tell fedora-security-list.

<personal rant>If we did not package unuseful crap, we would save us from doing all this</personal rant>