Accepted awstats 6.4-1ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Thu Aug 11 11:30:02 CDT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 11 Aug 2005 18:23:09 +0200
Source: awstats
Binary: awstats
Architecture: source
Version: 6.4-1ubuntu1
Distribution: breezy
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
 awstats    - powerful and featureful web server log analyzer
Changes:
 awstats (6.4-1ubuntu1) breezy; urgency=low
 .
   * SECURITY UPDATE: Fix arbitrary command injection.
   * Add debian/patches/03_remove_eval.patch:
     - Replace all eval() calls for dynamically constructed function names with
       soft references. This fixes arbitrary command injection with specially
       crafted referer URLs which contain Perl code.
     - Patch taken from upstream CVS, and contained in 6.5 release.
   * References:
     CAN-2005-1527
     http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
Files:
 4fb300881d92bbe9beb811a635cb8ae1 591 web optional awstats_6.4-1ubuntu1.dsc
 9613da9868d156675e1561eea7811c8a 18214 web optional awstats_6.4-1ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFC+3xVDecnbV4Fd/IRAlcBAKDuRTsi66Rk12JeaiUSQ5E+r7CkmwCfRdU0
I0POoCVrA6W9HvLp4echWcc=
=wO2T
-----END PGP SIGNATURE-----
Accepted:
awstats_6.4-1ubuntu1.diff.gz
  to pool/main/a/awstats/awstats_6.4-1ubuntu1.diff.gz
awstats_6.4-1ubuntu1.dsc
  to pool/main/a/awstats/awstats_6.4-1ubuntu1.dsc