> which is different from the reported in the bugreport against ubuntu package
> So please clarify what actual failregex in what versions of fail2ban
> shipped with ubuntu you have... and if they are different to corresponding ones
> in debian.
> On Wed, 12 Dec 2007, Jamie Strandboge wrote:
> > Yaroslav, your comment toward the end of the debian bug report says that
> > this is fixed in debian prior to 0.6, but here you say it is still
> > vulnerable. Since ubuntu uses debian source packages, I am confused by
> > your statements. Can you clarify?
checked the 0.7.6-3 -- indeed it had the bug....
but it was fixed later on so debian package is not shipped with it any
longer ;-)
On Wed, 12 Dec 2007, Yaroslav Halchenko wrote:
> I never said 'prior to 0.6'. I said that it is fixed in etch version
> which is 0.7.5-2, where failregex looks like
> failregex = (?:(?:Authentic ation failure|Failed [-/\w+]+) for(?: [iI](?: llegal| nvalid) user)?| [Ii](?: llegal| nvalid) user|ROOT LOGIN REFUSED) .*(?: from|FROM) <HOST>
> which is different from the reported in the bugreport against ubuntu package
> So please clarify what actual failregex in what versions of fail2ban
> shipped with ubuntu you have... and if they are different to corresponding ones
> in debian.
> On Wed, 12 Dec 2007, Jamie Strandboge wrote:
> > Yaroslav, your comment toward the end of the debian bug report says that
> > this is fixed in debian prior to 0.6, but here you say it is still
> > vulnerable. Since ubuntu uses debian source packages, I am confused by
> > your statements. Can you clarify?
> > ** Changed in: fail2ban (Ubuntu Edgy)
> > Status: Confirmed => Incomplete
> > ** Changed in: fail2ban (Ubuntu Dapper) www.linkedin. com/in/ yarik
> > Status: Confirmed => Incomplete
--
Yaroslav Halchenko
Research Assistant, Psychology Department, Rutgers-Newark
Student Ph.D. @ CS Dept. NJIT
Office: (973) 353-5440x263 | FWD: 82823 | Fax: (973) 353-1171
101 Warren Str, Smith Hall, Rm 4-105, Newark NJ 07102
WWW: http://