Martin Pitt martin.pitt at ubuntu.com
Wed Nov 9 11:40:05 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: Debian/unstable
Format: 1.7
Date: Wed,  09 Nov 2005 17:34:34 +0000
Source: awstats
Binary: awstats
Architecture: source
Version: 6.4-2
Distribution: dapper
Urgency: high
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 awstats    - powerful and featureful web server log analyzer
Closes: 313093 316126 322591 322591
Changes: 
 awstats (6.4-2) unstable; urgency=low
 .
   [ Charles Fry ]
   * New co-maintainer.
   * Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf
     <gwolf at gwolf.org>).
   * Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to
     Michael De Nil <michael at flex-it.be>).
 .
   [ Jonas Smedegaard ]
   * Acknowledge NMU. Closes: bug#322591.
   * Bump up watch version, and adjust the default command (we have moved
     to SubVerSion).
   * Add proto to URL in long description.
   * User newer chown syntax in postinst (thanks to lintian).
 .
 awstats (6.4-1.1) unstable; urgency=high
 .
   * Non-maintainer upload
   * SECURITY UPDATE: Fix arbitrary command injection. (Closes: #322591)
     Thanks to Martin Pitt for reporting the issue and providing the
     patch.
   * Add debian/patches/03_remove_eval.patch:
     - Replace all eval() calls for dynamically constructed function names with
       soft references. This fixes arbitrary command injection with specially
       crafted referer URLs which contain Perl code.
     - Patch taken from upstream CVS, and contained in 6.5 release.
   * References:
     CAN-2005-1527
     http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
Files: 
 2195106eae8f3549ce11cfb5bd0f72c8 18310 web optional awstats_6.4-2.diff.gz
 2b7ad550a508b177bfb3a4bb0c327345 624 web optional awstats_6.4-2.dsc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iQEVAwUBQ3IzKwF4adwMEr3XAQI01Qf/aoQfLJMdoJasG87WHO5snJ2lbyCm5ukB
0c7+03nami1F5Oyfmo5MFjubvzFERSbpv7XxkNQTjUovN7eUCG3+3dbCrL8B3CL9
sri1OOnlwv2jAxbLaKncu0Hyrr0Kc3ToATI/CkfYm2VnqcmxgsVkr4/mI0PjyF7e
14WRLGuWyPGMAcd1Q5WOXAC4Vdjz4W1I8y6u28C8mwr9kwGIHdQ0IMEljT74CiWl
cgjhbZQyUmh47apzUPaqL6KuRMMXeidxNS93l99ZhvF2lNcQCxEGre06xntEIjjW
btqZJg8a9HeFCXHFVYxignmkcqfk3IcsCvH0mWRf6YldZFd27YtUig==
=rl8U
-----END PGP SIGNATURE-----


Accepted:
awstats_6.4-2.diff.gz
  to pool/main/a/awstats/awstats_6.4-2.diff.gz
awstats_6.4-2.dsc
  to pool/main/a/awstats/awstats_6.4-2.dsc

More information about the dapper-changes mailing list