CVE-2008-1804: possibility to bypass detection rules

Debian Bug report logs - #483160
CVE-2008-1804: possibility to bypass detection rules

Toggle useless messages

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>

To: Debian Bug Tracking System <submit@bugs.debian.org>

Subject: CVE-2008-1804: possibility to bypass detection rules

Date: Wed, 28 May 2008 01:11:44 +1000

Package: snort
Severity: grave
Tags: security
Justification: user security hole

Hi

The following CVE(0) has been issued against snort.

CVE-2008-1804:

preprocessors/spp_frag3.c in Sourcefire Snort before 2.8.1 does not
properly identify packet fragments that have dissimilar TTL values,
which allows remote attackers to bypass detection rules by using a
different TTL for each fragment.

The upstream patch is here(1), but I guess it has to be backported.


In case you fix this issue by an upload, please mention the CVE id in
your changelog.

Cheers
Steffen

(0): http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1804

(1): http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h

Message #10 received at 483160@bugs.debian.org (full text, mbox, reply):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>

To: Steffen Joeris <steffen.joeris@skolelinux.de>, 483160@bugs.debian.org

Cc: control@bugs.debian.org

Subject: Re: Bug#483160: CVE-2008-1804: possibility to bypass detection rules

Date: Wed, 28 May 2008 00:43:54 +0200

severity 483160 important
thanks

On Wed, May 28, 2008 at 01:11:44AM +1000, Steffen Joeris wrote:
> Package: snort
> Severity: grave
> Tags: security
> Justification: user security hole

This is hardly a grave bug. Bypassing IDS has been possible since they were
first invented, after all they are just a 'network signature matcher'.

I'm reducing the severity but keeping the security tag. 

Javier

Message #17 received at 483160@bugs.debian.org (full text, mbox, reply):

From: Moritz Muehlenhoff <jmm@inutil.org>

To: Steffen Joeris <steffen.joeris@skolelinux.de>, 483160@bugs.debian.org

Subject: Re: Bug#483160: CVE-2008-1804: possibility to bypass detection rules

Date: Sun, 5 Oct 2008 11:25:15 +0200

On Wed, May 28, 2008 at 12:43:54AM +0200, Javier Fernández-Sanguino Peña wrote:
> severity 483160 important
> thanks
> 
> On Wed, May 28, 2008 at 01:11:44AM +1000, Steffen Joeris wrote:
> > Package: snort
> > Severity: grave
> > Tags: security
> > Justification: user security hole
> 
> This is hardly a grave bug. Bypassing IDS has been possible since they were
> first invented, after all they are just a 'network signature matcher'.
> 
> I'm reducing the severity but keeping the security tag. 

What's the status? Is there a patch for Lenny?

Cheers,
        Moritz

Message #22 received at 483160@bugs.debian.org (full text, mbox, reply):

From: Steffen Joeris <steffen.joeris@skolelinux.de>

To: 483160@bugs.debian.org

Cc: Moritz Muehlenhoff <jmm@inutil.org>

Subject: Re: Bug#483160: CVE-2008-1804: possibility to bypass detection rules

Date: Tue, 7 Oct 2008 01:08:09 +1100

[Message part 1 (text/plain, inline)]

On Sun, 5 Oct 2008 08:25:15 pm Moritz Muehlenhoff wrote:
> On Wed, May 28, 2008 at 12:43:54AM +0200, Javier Fernández-Sanguino Peña 
wrote:
> > severity 483160 important
> > thanks
> >
> > On Wed, May 28, 2008 at 01:11:44AM +1000, Steffen Joeris wrote:
> > > Package: snort
> > > Severity: grave
> > > Tags: security
> > > Justification: user security hole
> >
> > This is hardly a grave bug. Bypassing IDS has been possible since they
> > were first invented, after all they are just a 'network signature
> > matcher'.
> >
> > I'm reducing the severity but keeping the security tag.
>
> What's the status? Is there a patch for Lenny?
Thanks for reminding me. This[0] should do it for lenny.
Javier can you confirm that it works? I haven't tested it yet.

Cheers
Steffen

[0]: 
http://cvs.snort.org/viewcvs.cgi/snort/src/preprocessors/spp_frag3.c.diff?r1=text&tr1=1.46.2.4&r2=text&tr2=1.46.2.5&diff_format=h

[signature.asc (application/pgp-signature, inline)]

Message #29 received at 483160@bugs.debian.org (full text, mbox, reply):

From: Javier Fernández-Sanguino Peña <jfs@computer.org>

To: Steffen Joeris <steffen.joeris@skolelinux.de>, 483160@bugs.debian.org

Subject: Re: Bug#483160: CVE-2008-1804: possibility to bypass detection rules

Date: Wed, 22 Oct 2008 01:36:29 +0200

[Message part 1 (text/plain, inline)]

On Wed, May 28, 2008 at 01:11:44AM +1000, Steffen Joeris wrote:
> The upstream patch is here(1), but I guess it has to be backported.

I have used upstream's patch with some slight massaging (very minimal) and
will upload Snort 2.7.0 packages with this patch shortly.

Regards

Javier

[signature.asc (application/pgp-signature, inline)]

Message #34 received at 483160-close@bugs.debian.org (full text, mbox, reply):

From: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>

To: 483160-close@bugs.debian.org

Subject: Bug#483160: fixed in snort 2.7.0-20

Date: Wed, 22 Oct 2008 02:17:06 +0000

Source: snort
Source-Version: 2.7.0-20

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:

snort-common-libraries_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-common-libraries_2.7.0-20_i386.deb
snort-common_2.7.0-20_all.deb
  to pool/main/s/snort/snort-common_2.7.0-20_all.deb
snort-doc_2.7.0-20_all.deb
  to pool/main/s/snort/snort-doc_2.7.0-20_all.deb
snort-mysql_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-mysql_2.7.0-20_i386.deb
snort-pgsql_2.7.0-20_i386.deb
  to pool/main/s/snort/snort-pgsql_2.7.0-20_i386.deb
snort-rules-default_2.7.0-20_all.deb
  to pool/main/s/snort/snort-rules-default_2.7.0-20_all.deb
snort_2.7.0-20.diff.gz
  to pool/main/s/snort/snort_2.7.0-20.diff.gz
snort_2.7.0-20.dsc
  to pool/main/s/snort/snort_2.7.0-20.dsc
snort_2.7.0-20_i386.deb
  to pool/main/s/snort/snort_2.7.0-20_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@debian.org> (supplier of updated snort package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 22 Oct 2008 01:33:34 +0200
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20
Distribution: unstable
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Description: 
 snort      - flexible Network Intrusion Detection System
 snort-common - flexible Network Intrusion Detection System [common files]
 snort-common-libraries - flexible Network Intrusion Detection System ruleset
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes: 
 snort (2.7.0-20) unstable; urgency=high
 .
   [ CVE-2008-1804 ]
   * Fix error in preprocessors/spp_frag3.c that prevented Snort from properly
     identifying packet fragments that had dissimilar TTL values, which allowed
     remote attackers to bypass detection rules by using a different TTL for
     each fragment. Also update src/generators.h to include the new FRAG3_MIN_TTL
     defines (Closes: #483160)
Checksums-Sha1: 
 5715d78589ebcd157fe4de64ca9536e6e2d32747 1392 snort_2.7.0-20.dsc
 8b5448d1cd5c8748e84bedc0e1cbc6709be598a3 1600986 snort_2.7.0-20.diff.gz
 1dff864fa77db23f776ceb392ad5efdc568bee8c 463238 snort_2.7.0-20_i386.deb
 adbdbd534bd5ad00a40a9f386080e9faa890fc84 474122 snort-mysql_2.7.0-20_i386.deb
 b9baa99b56161fdbf8b23569951b03adb81e3947 473916 snort-pgsql_2.7.0-20_i386.deb
 fb9f4d3d261c27fecdd43901db7a45de36cc0b1c 244248 snort-common-libraries_2.7.0-20_i386.deb
 1dcbe60912b411c6eb3632e6b7604cf4cfb12673 147070 snort-common_2.7.0-20_all.deb
 27325930bd2638927318035c41a19f789729d95d 2303508 snort-doc_2.7.0-20_all.deb
 87668a8c29c6c226401bf5e37d0cb3af460d4cb5 401880 snort-rules-default_2.7.0-20_all.deb
Checksums-Sha256: 
 c737aa9a89f68e1cb9e4abf6748c28e400ee6ce9dafebce2f561ba8a6cd8dcef 1392 snort_2.7.0-20.dsc
 ba7a2d81fcbca7ab248c7c84d50dde6319307260b069343c77baf5c71fdb9043 1600986 snort_2.7.0-20.diff.gz
 444d212f3a2b664f82115c009870fd6c3337ba8193e46721f66ae9ca9c385cc7 463238 snort_2.7.0-20_i386.deb
 1cde6e6d00a1123d6743d73b43b818577870a880bb55ba43f149e8d7b463b2e1 474122 snort-mysql_2.7.0-20_i386.deb
 1f02d8e9cd366bd737047e1c23d9b79c897b663d0e3d8fb600637bdf0971b535 473916 snort-pgsql_2.7.0-20_i386.deb
 460eecd5b7cc7f51324e7ab18cd313093afc04f8b38f2b293c2bfbd4ed39aefa 244248 snort-common-libraries_2.7.0-20_i386.deb
 57eaa708f33376bc44c95026fb257008a0ab285b7818d0405b7cb4e60bffa796 147070 snort-common_2.7.0-20_all.deb
 93e33bd93419998219f526f2003346ec6ad22a45e1ed3afa7991075365fb2197 2303508 snort-doc_2.7.0-20_all.deb
 2e4489f329852a2a0511ab3a144605c05a1379fbb4400d0b5abbf88ffc8bfabe 401880 snort-rules-default_2.7.0-20_all.deb
Files: 
 1cf8829fdd97bf0fdf90d71598947694 1392 net optional snort_2.7.0-20.dsc
 575397c4d234682d1a9de7b241d9a295 1600986 net optional snort_2.7.0-20.diff.gz
 ac136017e54de303248242c8ed4638e4 463238 net optional snort_2.7.0-20_i386.deb
 3ead32c6482452f8fc2a78b647020dbb 474122 net extra snort-mysql_2.7.0-20_i386.deb
 34a59ec79df1d783d20ed0bf79585d0a 473916 net optional snort-pgsql_2.7.0-20_i386.deb
 d9cf262932eb3359b4d04715be10cff8 244248 net optional snort-common-libraries_2.7.0-20_i386.deb
 be86e329b462da4794d942dde7093a35 147070 net optional snort-common_2.7.0-20_all.deb
 24d43dad8958e5513f85c51b77728128 2303508 doc optional snort-doc_2.7.0-20_all.deb
 16389418423eac368f7c8605c9457a28 401880 net optional snort-rules-default_2.7.0-20_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFI/oYfsandgtyBSwkRAiwqAJsFG1qdFefeX034fyQ7urNmWb2QngCfdA/l
xTlXqycQmaPuUbWPzm6KEQY=
=ZrON
-----END PGP SIGNATURE-----

Message #39 received at 483160-close@bugs.debian.org (full text, mbox, reply):

From: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>

To: 483160-close@bugs.debian.org

Subject: Bug#483160: fixed in snort 2.7.0-20.1

Date: Tue, 28 Oct 2008 21:17:14 +0000

Source: snort
Source-Version: 2.7.0-20.1

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:

snort-common-libraries_2.7.0-20.1_i386.deb
  to pool/main/s/snort/snort-common-libraries_2.7.0-20.1_i386.deb
snort-common_2.7.0-20.1_all.deb
  to pool/main/s/snort/snort-common_2.7.0-20.1_all.deb
snort-doc_2.7.0-20.1_all.deb
  to pool/main/s/snort/snort-doc_2.7.0-20.1_all.deb
snort-mysql_2.7.0-20.1_i386.deb
  to pool/main/s/snort/snort-mysql_2.7.0-20.1_i386.deb
snort-pgsql_2.7.0-20.1_i386.deb
  to pool/main/s/snort/snort-pgsql_2.7.0-20.1_i386.deb
snort-rules-default_2.7.0-20.1_all.deb
  to pool/main/s/snort/snort-rules-default_2.7.0-20.1_all.deb
snort_2.7.0-20.1.dsc
  to pool/main/s/snort/snort_2.7.0-20.1.dsc
snort_2.7.0-20.1.tar.gz
  to pool/main/s/snort/snort_2.7.0-20.1.tar.gz
snort_2.7.0-20.1_i386.deb
  to pool/main/s/snort/snort_2.7.0-20.1_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@debian.org> (supplier of updated snort package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Oct 2008 21:32:48 +0100
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20.1
Distribution: unstable
Urgency: low
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Description: 
 snort      - flexible Network Intrusion Detection System
 snort-common - flexible Network Intrusion Detection System [common files]
 snort-common-libraries - flexible Network Intrusion Detection System ruleset
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes: 
 snort (2.7.0-20.1) unstable; urgency=low
 .
   * Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see
     below). This package cannot go through sid since the sid build uses
     a newer libpcre version not available in lenny. (Closes: #483160)
Checksums-Sha1: 
 117d833139546dcd534f884249127fd77586a026 1159 snort_2.7.0-20.1.dsc
 c3bf0df8afa1439657a20fa13e3fb918938e65fc 4706566 snort_2.7.0-20.1.tar.gz
 592bd6a526d8fc6ae87809c9d1cca46d807618d5 463308 snort_2.7.0-20.1_i386.deb
 08c320a58b4eb2b18413c47b974bf16a419f42c6 474258 snort-mysql_2.7.0-20.1_i386.deb
 61cf1d10cd172a1e451eb2c5c31520703ffd047e 474070 snort-pgsql_2.7.0-20.1_i386.deb
 70dffa5426708d3f55279d3c676db8b31b1de3d3 244370 snort-common-libraries_2.7.0-20.1_i386.deb
 66f4f1bfc30ebbd1dccd5f85d17c8902244727f3 147180 snort-common_2.7.0-20.1_all.deb
 70a4d0198e9786fa6d2aec022193ba9aa0b2af13 2303660 snort-doc_2.7.0-20.1_all.deb
 9e171a0250c2ed8accbedf24d2cb47ea34b29e9b 401984 snort-rules-default_2.7.0-20.1_all.deb
Checksums-Sha256: 
 958cfd7fc9bb6e56fdfb05307bf86a053bf98d18f9163e9b64cf3c0fadea09a5 1159 snort_2.7.0-20.1.dsc
 98426744c70d4532376bf4219a2c3b39fd3f76a14f2efbd437ea081bab6803d2 4706566 snort_2.7.0-20.1.tar.gz
 df619b173a42559a79999356a4a9ba1c3be4d54f7de0039a43d319ea4db1baa9 463308 snort_2.7.0-20.1_i386.deb
 199e1b88731e2a01f250cd8d2098937dbbbd810300b6e5d779f67d761a57f1cb 474258 snort-mysql_2.7.0-20.1_i386.deb
 0af933023785faf32c4dfb4159252858d2ab91c208c11a2acf445b2e950695e1 474070 snort-pgsql_2.7.0-20.1_i386.deb
 e2b5fddaeb7ba77b9cdd5259f028eaf5263865fe7de765ab8c874b2096e91785 244370 snort-common-libraries_2.7.0-20.1_i386.deb
 be63a4a99193c9ca5573b4eacb7082be013f7c6e0efcd083eb0dadfd4583b387 147180 snort-common_2.7.0-20.1_all.deb
 1f166b49e531b037a0f4e371c10d772b47c7b4d92e591b4695c237480ddf90a8 2303660 snort-doc_2.7.0-20.1_all.deb
 05f221c5b20766bdc040480826de6bbd65fc79bcfae8cd39a95b17d38feca4bc 401984 snort-rules-default_2.7.0-20.1_all.deb
Files: 
 7255a25d2a487e1d88d752adfc190661 1159 net optional snort_2.7.0-20.1.dsc
 57ab3e2c212726f9d0e8fc691853dda8 4706566 net optional snort_2.7.0-20.1.tar.gz
 ee3f544296786ed1ae1369cae0342f4b 463308 net optional snort_2.7.0-20.1_i386.deb
 d1fc7800ddd45a30fd00310db98a500c 474258 net extra snort-mysql_2.7.0-20.1_i386.deb
 61042d53bfa98cfcba9e3833bbf6ea1c 474070 net optional snort-pgsql_2.7.0-20.1_i386.deb
 9219f169fd29ef4634f4748821476878 244370 net optional snort-common-libraries_2.7.0-20.1_i386.deb
 66bf4eef6170a88859f372f02acee759 147180 net optional snort-common_2.7.0-20.1_all.deb
 ed3988869fbf939a2d429499b0e9e536 2303660 doc optional snort-doc_2.7.0-20.1_all.deb
 ef0decc0ed9014849dac49aac0bfc584 401984 net optional snort-rules-default_2.7.0-20.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJB3uTsandgtyBSwkRAhDYAJ9JxOKoBr5awSSY4/Jo8aSHGYz0zACfQRwH
hn6iuIA7uxbCYahcCS5wCY0=
=TIBm
-----END PGP SIGNATURE-----

Message #44 received at 483160-close@bugs.debian.org (full text, mbox, reply):

From: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>

To: 483160-close@bugs.debian.org

Subject: Bug#483160: fixed in snort 2.7.0-20.2

Date: Tue, 28 Oct 2008 23:47:06 +0000

Source: snort
Source-Version: 2.7.0-20.2

We believe that the bug you reported is fixed in the latest version of
snort, which is due to be installed in the Debian FTP archive:

snort-common-libraries_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-common-libraries_2.7.0-20.2_i386.deb
snort-common_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-common_2.7.0-20.2_all.deb
snort-doc_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-doc_2.7.0-20.2_all.deb
snort-mysql_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-mysql_2.7.0-20.2_i386.deb
snort-pgsql_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort-pgsql_2.7.0-20.2_i386.deb
snort-rules-default_2.7.0-20.2_all.deb
  to pool/main/s/snort/snort-rules-default_2.7.0-20.2_all.deb
snort_2.7.0-20.2.dsc
  to pool/main/s/snort/snort_2.7.0-20.2.dsc
snort_2.7.0-20.2.tar.gz
  to pool/main/s/snort/snort_2.7.0-20.2.tar.gz
snort_2.7.0-20.2_i386.deb
  to pool/main/s/snort/snort_2.7.0-20.2_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 483160@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javier Fernandez-Sanguino Pen~a <jfs@debian.org> (supplier of updated snort package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 28 Oct 2008 21:32:48 +0100
Source: snort
Binary: snort snort-common snort-doc snort-mysql snort-pgsql snort-rules-default snort-common-libraries
Architecture: source i386 all
Version: 2.7.0-20.2
Distribution: testing-proposed-updates
Urgency: high
Maintainer: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Changed-By: Javier Fernandez-Sanguino Pen~a <jfs@debian.org>
Description: 
 snort      - flexible Network Intrusion Detection System
 snort-common - flexible Network Intrusion Detection System [common files]
 snort-common-libraries - flexible Network Intrusion Detection System ruleset
 snort-doc  - Documentation for the Snort IDS [documentation]
 snort-mysql - flexible Network Intrusion Detection System [MySQL]
 snort-pgsql - flexible Network Intrusion Detection System [PostgreSQL]
 snort-rules-default - flexible Network Intrusion Detection System ruleset
Closes: 483160
Changes: 
 snort (2.7.0-20.2) testing-proposed-updates; urgency=high
 .
   * Upload to testing-proposed-updates to fix security bug CVE-2008-1804 (see
     below). This package cannot go through sid since the sid build uses
     a newer libpcre version not available in lenny. (Closes: #483160)
Checksums-Sha1: 
 11c814ecf3458b7fa5ecbba21dcf1f5b8eef9356 1159 snort_2.7.0-20.2.dsc
 4677e65e5a90431e8edfd245cceaa3a4f24ff3f1 4706542 snort_2.7.0-20.2.tar.gz
 704a382ae51ba5ded94c43020f6104983d74b321 463306 snort_2.7.0-20.2_i386.deb
 f189c1b15d57abab99036e1744578a2f4b9c1052 474262 snort-mysql_2.7.0-20.2_i386.deb
 92648eb74dcb3a506963cda9067cb57bd8c97f7e 474066 snort-pgsql_2.7.0-20.2_i386.deb
 15c709f15d61ec6f4986dad742611c6ea6cec790 244386 snort-common-libraries_2.7.0-20.2_i386.deb
 3422a0cd6d9b3dc7159818f9f89e202dd01460d3 147192 snort-common_2.7.0-20.2_all.deb
 aba4e7bb1290ccad1ffba4374ddd0b22968b3fc1 2303642 snort-doc_2.7.0-20.2_all.deb
 9bd77859a670f5e61e63ab47b3c6f0029360502c 401990 snort-rules-default_2.7.0-20.2_all.deb
Checksums-Sha256: 
 d0a134ed1363abdf6efda6f8314d5610c298ca037c8009f09cf20f89830ea4ef 1159 snort_2.7.0-20.2.dsc
 62aadabe12b71b34ae471852999063c448b4e7a88af771a074a78f512e6011c8 4706542 snort_2.7.0-20.2.tar.gz
 864ecbafc71d79f5ebc13d880cbbd4aed6b012df9dbc0f302e77bb6ab52176d2 463306 snort_2.7.0-20.2_i386.deb
 879d3803d45d6d8d98b6a47e862ec2626961bb98c57ac4083dfcdaf9c2e9b7d6 474262 snort-mysql_2.7.0-20.2_i386.deb
 82f60f51e495625dfe012081ab5c4db7fc94db3a10df48b091bf3598c90db06b 474066 snort-pgsql_2.7.0-20.2_i386.deb
 24600555157060678bb22ac982c6a4f2a291c2ccb332234f278b8bb8e19ccf29 244386 snort-common-libraries_2.7.0-20.2_i386.deb
 258d529621b0a321b1aa6571f5b3a1d9f1f9b5b8da934c1455ed93fba1c75d74 147192 snort-common_2.7.0-20.2_all.deb
 11a7312188d720cf35899e9717d4e74d10dcd5dfbcc6a317ee00f41f2605da34 2303642 snort-doc_2.7.0-20.2_all.deb
 a2eb936eeecf3394473f86acc353142351fc6b34f9440a3054236ce29bad4fe4 401990 snort-rules-default_2.7.0-20.2_all.deb
Files: 
 f1902496c3fa1f3ce3fca4e316c0b13c 1159 net optional snort_2.7.0-20.2.dsc
 a18544065a34cbf82c9e6e7f9f0f2620 4706542 net optional snort_2.7.0-20.2.tar.gz
 71bdbfbff5007f130331e17ce2adfdd4 463306 net optional snort_2.7.0-20.2_i386.deb
 6d695ca672f19c8e9fefccfadb62e025 474262 net extra snort-mysql_2.7.0-20.2_i386.deb
 ecb949d80bd36b509a150921630f2f26 474066 net optional snort-pgsql_2.7.0-20.2_i386.deb
 481815960dde1211fe482c67094aa0b3 244386 net optional snort-common-libraries_2.7.0-20.2_i386.deb
 cf75ebc8a2805e4efce17e4569fb53d8 147192 net optional snort-common_2.7.0-20.2_all.deb
 e5d9140fad0dd7f964a94ceed3ebd67b 2303642 doc optional snort-doc_2.7.0-20.2_all.deb
 e34cbf9c10e4a9bf9952ce1709e0dac9 401990 net optional snort-rules-default_2.7.0-20.2_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFJB6G6sandgtyBSwkRAt6VAJ90K14fzQl+TyK/RllO7Qo1qgsqqQCcD6MG
FF3wvaLotz3YhsEvz6zlybQ=
=rkC+
-----END PGP SIGNATURE-----

Send a report that this bug log contains spam.