Martin Pitt
martin.pitt at ubuntu.com
Wed Nov 9 11:40:05 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Origin: Debian/unstable
Format: 1.7
Date: Wed, 09 Nov 2005 17:34:34 +0000
Source: awstats
Binary: awstats
Architecture: source
Version: 6.4-2
Distribution: dapper
Urgency: high
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 313093 316126 322591 322591
Changes:
awstats (6.4-2) unstable; urgency=low
.
[ Charles Fry ]
* New co-maintainer.
* Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf
<gwolf at gwolf.org>).
* Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to
Michael De Nil <michael at flex-it.be>).
.
[ Jonas Smedegaard ]
* Acknowledge NMU. Closes: bug#322591.
* Bump up watch version, and adjust the default command (we have moved
to SubVerSion).
* Add proto to URL in long description.
* User newer chown syntax in postinst (thanks to lintian).
.
awstats (6.4-1.1) unstable; urgency=high
.
* Non-maintainer upload
* SECURITY UPDATE: Fix arbitrary command injection. (Closes: #322591)
Thanks to Martin Pitt for reporting the issue and providing the
patch.
* Add debian/patches/03_remove_eval.patch:
- Replace all eval() calls for dynamically constructed function names with
soft references. This fixes arbitrary command injection with specially
crafted referer URLs which contain Perl code.
- Patch taken from upstream CVS, and contained in 6.5 release.
* References:
CAN-2005-1527
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
Files:
2195106eae8f3549ce11cfb5bd0f72c8 18310 web optional awstats_6.4-2.diff.gz
2b7ad550a508b177bfb3a4bb0c327345 624 web optional awstats_6.4-2.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iQEVAwUBQ3IzKwF4adwMEr3XAQI01Qf/aoQfLJMdoJasG87WHO5snJ2lbyCm5ukB
0c7+03nami1F5Oyfmo5MFjubvzFERSbpv7XxkNQTjUovN7eUCG3+3dbCrL8B3CL9
sri1OOnlwv2jAxbLaKncu0Hyrr0Kc3ToATI/CkfYm2VnqcmxgsVkr4/mI0PjyF7e
14WRLGuWyPGMAcd1Q5WOXAC4Vdjz4W1I8y6u28C8mwr9kwGIHdQ0IMEljT74CiWl
cgjhbZQyUmh47apzUPaqL6KuRMMXeidxNS93l99ZhvF2lNcQCxEGre06xntEIjjW
btqZJg8a9HeFCXHFVYxignmkcqfk3IcsCvH0mWRf6YldZFd27YtUig==
=rl8U
-----END PGP SIGNATURE-----
Accepted:
awstats_6.4-2.diff.gz
to pool/main/a/awstats/awstats_6.4-2.diff.gz
awstats_6.4-2.dsc
to pool/main/a/awstats/awstats_6.4-2.dsc
More information about the dapper-changes
mailing list