-
ettercap (1:0.8.1-3+deb8u1) jessie-security; urgency=medium
* SECURITY UPDATE:
* debian/patches/626dc56686f15f2dda13c48f78c2a666cb6d8506.patch:
- upstream fix fox CVE-2017-6430 (Closes: #857035)
(crash fix when a corrupted filter is used)
* debian/patches/803.patch:
- fix buffer overflow/underflow with bad filters (Closes: #861604).
CVE-2017-8366 (Buffer overflow/underflow issue)
- CVE-2017-6430
- CVE-2017-8366
-- Gianfranco Costamagna <email address hidden> Sun, 04 Jun 2017 12:33:30 +0200
-
ettercap (1:0.8.1-3) unstable; urgency=high
* Patch a bunch of security vulnerabilities (closes: #773416)
- CVE-2014-6395 (Length Parameter Inconsistency)
- CVE-2014-6396 (Arbitrary write)
- CVE-2014-9376 (Negative index/underflow)
- CVE-2014-9377 (Heap overflow)
- CVE-2014-9378 (Unchecked return value)
- CVE-2014-9379 (Incorrect cast)
- CVE-2014-9380 (Buffer over-read)
- CVE-2014-9381 (Signedness error)
See: https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1402/
Patches taken from repo CVE-patch, URL git://github.com/NickSampanis/ettercap.git
- 88804bd3a900d273215855f7c567ec891d31e547 CVE-patch/589
- 103f16582ee88341a6a610378011781cdc866b0c CVE-patch/602
- 3f0c582826095c722ab6fbf91518282a765a0b68 CVE-patch/603
- cb7b2028dc03c628aa0a1a5130ca41421ddebcb2 CVE-patch/604
- edd337d5d4f37ab8e330c5e067344dd5b3f10435 CVE-patch/605
- 37dcfdf79e1ac6dcacd565894cd7717aa0224164 CVE-patch/606
- c2a3c99af956146570d7883e4b540b9d0c0a3c46 CVE-patch/607
- 6b196e011fa456499ed4650a360961a2f1323818 CVE-patch/608
- afe7061948e85f0a0fd417d5e4c681bfaf212f42 CVE-patch/609
- 9e9fdc7ed1ee8eba01a5a05e000b6c55d2a70923 CVE-patch/610
Thanks to Nick Sampanis <email address hidden> who is responsible for
both finding and repairing these issues.
-- Barak A. Pearlmutter <email address hidden> Thu, 18 Dec 2014 09:07:40 +0000
-
ettercap (1:0.8.1-2) unstable; urgency=medium
* Remove byacc | byacc-j | btyacc, not compatible after
the cmake switch.
* Add flex-old as b-d, used with bison++.
* Fix conflicting files in both common and graphical package
(Closes: #768831).
* Fix some obsolete breaks+replaces, thanks Andreas!
* Remove the gksu dependency, not needed anymore.
-- Gianfranco Costamagna <email address hidden> Tue, 21 Oct 2014 13:19:19 +0200
-
ettercap (1:0.8.1-1) unstable; urgency=medium
* New upstream release.
* Remove bundled_deps directory, useless and some
luajit files are non dfsg.
* Update watch file.
* Update copyright file, order matters.
-- Gianfranco Costamagna <email address hidden> Wed, 15 Oct 2014 14:00:15 +0200
-
ettercap (1:0.8.0+git20141002-2) unstable; urgency=medium
* Update copyright file.
* Revert silence lintian tag conflicts-with-version.
(Closes: #763803)
* wrap-and-sort the debian directory.
-- Gianfranco Costamagna <email address hidden> Thu, 02 Oct 2014 16:38:45 +0200
-
ettercap (1:0.8.0+git20140910-1) unstable; urgency=medium
[ Gianfranco Costamagna ]
* Add appdata file
* New rc release. (Closes: #690158)
[ Barak A. Pearlmutter ]
* rename upstream point release using + instead of ~
* Single debian patch source option
-- Barak A. Pearlmutter <email address hidden> Sun, 14 Sep 2014 11:53:26 +0100
-
ettercap (1:0.8.0-14) unstable; urgency=medium
* Cherry-pick cf90ed9 to fix test suite failures with ubuntu
-Bsymbolic-functions flag. A big thanks to RAOF for the help.
* d/control: add some missing lua archs from debian/ports
!alpha !arm64 !hppa !m68k !ppc64 !sh4 !sparc64 !x32
-- Gianfranco Costamagna <email address hidden> Mon, 05 May 2014 11:54:19 +0200
-
ettercap (1:0.8.0-11) unstable; urgency=medium
* Removing ethtool as b-d for non linux kernels.
-- Gianfranco Costamagna <email address hidden> Tue, 11 Mar 2014 09:52:02 +0100
-
ettercap (1:0.7.6-1) unstable; urgency=low
[ Gianfranco Costamagna ]
* New upstream version
* Dropped version dependency for curl (fixed in cmake)
[ Barak A. Pearlmutter ]
* Tweak debian/watch to point to official upstream only
-- Barak A. Pearlmutter <email address hidden> Wed, 27 Mar 2013 11:44:17 +0000