* Martin Schulze <[EMAIL PROTECTED]>:
> Florian Weimer wrote:
> > >> (Note that I have yet to test Lorenzo's new package.)
> > >
> > > Are you in a position to do so?
> >
> > Sure, but the question is if you want to rely on the results. You
> > don't seem to trust my judgement on this matter, fo
* Florian Weimer <[EMAIL PROTECTED]>:
> * Lorenzo Martignoni:
>
> > The patch has been tested by me and by Paul Gear but further tests will
> > be better, so your feedback will be very precious.
>
> Apart from the lack of CVE entry in the changelog, the pac
* Florian Weimer <[EMAIL PROTECTED]>:
> * Martin Schulze:
>
> >> > What was the behaviour pre-sarge?
> >> > What is the behaviour post-sarge (or rather in sarge)?
> >>
> >> Do you mean "before and after the upstream security update"? The
> >> terms pre-sarge/post-sarge do not make much sense to
* Florian Weimer <[EMAIL PROTECTED]>:
> * Martin Schulze:
>
> > What was the behaviour pre-sarge?
> > What is the behaviour post-sarge (or rather in sarge)?
>
> Do you mean "before and after the upstream security update"? The
> terms pre-sarge/post-sarge do not make much sense to me in this
> c
The bug affects Shorewall 2.2.x and 2.4.x but the only affected Debian
package is shorewall_2.2.3-1 which is currently in Sarge.
The problem with this bug is that clients whose MAC addresses are known
can bypass the firewall rules and do whatever they want: if
MACLIST_DISPOSITION is set to ACCEPT
Package: shorewall
Version: 2.4.1-2
Severity: critical
Tags: security
A client accepted by MAC address filtering can bypass any other rule.
If MACLIST_TTL is set to a value greater than 0 or MACLIST_DISPOSITION
is set to "ACCEPT" in /etc/shorewall/shorewall.conf (default is
MACLIST_TTL=0 and MACLI