oss-sec mailing list archives

Re: Re: [SECURITY] [DSA 2826-1] denyhosts security update


From: Yves-Alexis Perez <corsac () debian org>
Date: Sun, 22 Dec 2013 23:03:22 +0100

On Sun, Dec 22, 2013 at 07:51:29PM +0100, Helmut Grohne wrote:
> The proposed solution is to tighten up the regular expressions for
> matching log file entries. Specifically including the $ pattern to match
> the end of log lines. For your convenience I attach the final patch.
>
> The Debian security advisory is the initial public disclosure.
>
> I am not aware of any upstream response to this issue and the last
> denyhosts release is from 2008.

On top of that, we really advise anyone still using denyhosts to switch
to a more maintained solution. fail2ban apparently does the same job. I
can't judge the code quality, but at least someone is taking care of it.

Regards,
-- 
Yves-Alexis Perez
Debian security team

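Added example, not part of the original message or of the Debian patch: how anchoring a log-matching expression with $ changes which host is extracted from a line. Both patterns and all log lines are constructed for illustration and are not denyhosts' actual expressions.

```python
import re

# Simplified patterns written for this example; they are not denyhosts' own.
# LOOSE accepts the first "from <host>" it finds anywhere in the line.
# ANCHORED requires the host token to be the last thing on the line ($).
LOOSE = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)")
ANCHORED = re.compile(r"Invalid user (?P<user>.*?) from (?P<host>\S+)$")

# Constructed sample lines (documentation address ranges, RFC 5737).
# In the second line the client-chosen user field contains text shaped
# like a host clause; the daemon writes the real peer address last.
# The fourth line carries a trailing field the anchored pattern does not
# describe, so it is skipped rather than misread.
SAMPLE_LINES = [
    "Dec 22 19:00:01 srv sshd[411]: Invalid user admin from 203.0.113.9",
    "Dec 22 19:00:02 srv sshd[412]: Invalid user x from 198.51.100.7 from 203.0.113.9",
    "Dec 22 19:00:03 srv sshd[413]: Accepted publickey for alice from 192.0.2.10",
    "Dec 22 19:00:04 srv sshd[414]: Invalid user bob from 192.0.2.44 port 5150",
]


def extract_host(pattern, line):
    """Return the host this pattern would report for the line, or None."""
    m = pattern.search(line.rstrip("\n"))
    return m.group("host") if m else None


def compare(lines):
    """Return (line, loose_host, anchored_host) where the two patterns disagree."""
    out = []
    for line in lines:
        loose = extract_host(LOOSE, line)
        anchored = extract_host(ANCHORED, line)
        if loose != anchored:
            out.append((line, loose, anchored))
    return out


if __name__ == "__main__":
    for line, loose, anchored in compare(SAMPLE_LINES):
        print(f"loose={loose} anchored={anchored} :: {line}")
```

An anchored expression has to describe the complete line format the daemon emits, otherwise legitimate entries go unmatched, as the fourth sample line shows.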