Your message dated Fri, 16 Dec 2005 23:21:43 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#318946: fixed in shorewall 2.2.3-2
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--------------------------------------
Received: (at submit) by bugs.debian.org; 18 Jul 2005 19:17:02 +0000
>From [EMAIL PROTECTED] Mon Jul 18 12:17:02 2005
Return-path: <[EMAIL PROTECTED]>
Received: from vsmtp1alice.tin.it [212.216.176.144]
by spohr.debian.org with esmtp (Exim 3.36 1 (Debian))
id 1Dub6r-0007vh-00; Mon, 18 Jul 2005 12:17:02 -0700
Received: from sawfish.shadow.net (82.50.78.89) by vsmtp1alice.tin.it
(7.2.060.1)
id 42D22FB9000C74B0 for [EMAIL PROTECTED]; Mon, 18 Jul 2005 21:16:29
+0200
Received: from martignlo by sawfish.shadow.net with local (Exim 4.50)
id 1Dub7K-0004RO-23
for [EMAIL PROTECTED]; Mon, 18 Jul 2005 21:17:30 +0200
From: Lorenzo Martignoni <[EMAIL PROTECTED]>
To: Debian Bug Tracking System <[EMAIL PROTECTED]>
Subject: shorewall: A client accepted by MAC address filtering to bypass any
other rule
Message-Id: <[EMAIL PROTECTED]>
Date: Mon, 18 Jul 2005 21:17:30 +0200
X-BadReturnPath: [EMAIL PROTECTED] rewritten as [EMAIL PROTECTED]
using "From" header
Delivered-To: [EMAIL PROTECTED]
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-8.0 required=4.0 tests=BAYES_00,HAS_PACKAGE
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Package: shorewall
Version: 2.4.1-2
Severity: critical
Tags: security
A client accepted by MAC address filtering can bypass any other rule.
If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION
is set to "ACCEPT" in /etc/shorewall/shorewall.conf (default is
MACLIST_TTL=0 and MACLIST_DISPOSITION=REJECT), and a client is
positively identified through its MAC address, it bypasses all other
policies/rules in place, thus gaining access to all open services on
the firewall.
-- System Information:
Debian Release: 3.1
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/dash
Kernel: Linux 2.6.11
Locale: [EMAIL PROTECTED], [EMAIL PROTECTED] (charmap=ISO-8859-15)
Versions of packages shorewall depends on:
ii debconf 1.4.49 Debian configuration management sy
ii iproute 20041019-3 Professional tools to control the
ii iptables 1.2.11-10 Linux kernel 2.4+ iptables adminis
-- debconf information:
shorewall/upgrade_20_22:
shorewall/upgrade_14_20:
shorewall/upgrade_to_14:
shorewall/warnrfc1918:
* shorewall/dont_restart:
shorewall/major_release: true
---------------------------------------
Received: (at 318946-close) by bugs.debian.org; 17 Dec 2005 07:23:42 +0000
>From [EMAIL PROTECTED] Fri Dec 16 23:23:42 2005
Return-path: <[EMAIL PROTECTED]>
Received: from katie by spohr.debian.org with local (Exim 4.50)
id 1EnWNz-00073i-UQ; Fri, 16 Dec 2005 23:21:43 -0800
From: Lorenzo Martignoni <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
X-Katie: $Revision: 1.17 $
Subject: Bug#318946: fixed in shorewall 2.2.3-2
Message-Id: <[EMAIL PROTECTED]>
Sender: Archive Administrator <[EMAIL PROTECTED]>
Date: Fri, 16 Dec 2005 23:21:43 -0800
X-Spam-Checker-Version: SpamAssassin 2.60-bugs.debian.org_2005_01_02
(1.212-2003-09-23-exp) on spohr.debian.org
X-Spam-Level:
X-Spam-Status: No, hits=-6.0 required=4.0 tests=BAYES_00,HAS_BUG_NUMBER
autolearn=no version=2.60-bugs.debian.org_2005_01_02
Source: shorewall
Source-Version: 2.2.3-2
We believe that the bug you reported is fixed in the latest version of
shorewall, which is due to be installed in the Debian FTP archive:
shorewall_2.2.3-2.diff.gz
to pool/main/s/shorewall/shorewall_2.2.3-2.diff.gz
shorewall_2.2.3-2.dsc
to pool/main/s/shorewall/shorewall_2.2.3-2.dsc
shorewall_2.2.3-2_all.deb
to pool/main/s/shorewall/shorewall_2.2.3-2_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Lorenzo Martignoni <[EMAIL PROTECTED]> (supplier of updated shorewall package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Fri, 16 Sep 2005 10:24:24 +0200
Source: shorewall
Binary: shorewall
Architecture: source all
Version: 2.2.3-2
Distribution: stable-security
Urgency: high
Maintainer: Lorenzo Martignoni <[EMAIL PROTECTED]>
Changed-By: Lorenzo Martignoni <[EMAIL PROTECTED]>
Description:
shorewall - Shoreline Firewall (Shorewall)
Closes: 318946
Changes:
shorewall (2.2.3-2) stable-security; urgency=high
.
* Backported upstream patch from shorewall 2.2.5 to fix the MACLIST security
problem CAN-2005-2317 (Closes: 318946).
Files:
a280401e705da1a93b31e2b0d6abafb9 656 net optional shorewall_2.2.3-2.dsc
e6d35af167daece754b263fb77285960 34181 net optional shorewall_2.2.3-2.diff.gz
df114b25a419d77915598de5844b423e 126841 net optional
shorewall_2.2.3.orig.tar.gz
556f925a3f6393e1b7376686c1796d89 151538 net optional shorewall_2.2.3-2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDPhpvW5ql+IAeqTIRAqMkAKCEa8sS/5nYAJjrWjiZHAX1SkPnKgCeMLfx
hHjsQlshnWOV6VJUoNCv65s=
=7RsC
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
