Version 0.8.8 came out 2012/12/06. I tested it with the fail2ban-0.8.7.1 ebuild and it works for me on AMD64. Reproducible: Always
* [83109bc] IMPORTANT: escape the content of <matches> (if used in custom action files) since its value could contain arbitrary symbols. Thanks for discovery go to the NBS System security team
Thanks, Mario and Jeroen. Arches, please test and mark stable =net-analyzer/fail2ban-0.8.8
x86 stable
amd64 stable
Stable for HPPA.
ppc stable
CVE-2012-5642 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5642): server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecified symbols in this content.
ppc64 stable
GLSA vote: no.
Can we close this bug? I guess GLSA is not required anymore. :)
NO too, closing.