Accepted awstats 6.2-1.1ubuntu1 (source)

Martin Pitt martin.pitt at ubuntu.com
Fri Feb 11 06:30:02 CST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 11 Feb 2005 13:23:57 +0100
Source: awstats
Binary: awstats
Architecture: source
Version: 6.2-1.1ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 awstats    - powerful and featureful web server log analyzer
Changes: 
 awstats (6.2-1.1ubuntu1) hoary; urgency=low
 .
   * SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
   * wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
     "config", "pluginmode", "loadplugin", and "noloadplugin" parameters (which
     are defined by the remote user) to prevent execution of arbitrary shell
     commands through shell metacharacters.
   * References:
     similar to CAN-2005-0116
     http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
Files: 
 ef293a4340ad8ae745bf09912de268cc 595 web optional awstats_6.2-1.1ubuntu1.dsc
 b1464b75b84a037f293daaf97fb54d47 14715 web optional awstats_6.2-1.1ubuntu1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCDKP8DecnbV4Fd/IRAidUAKC7PtRqCg+zwdIjNIWqTHQJRcotKwCfUviH
90+XbLFxRLbOtK8uDggWc4w=
=wwI6
-----END PGP SIGNATURE-----


Accepted:
awstats_6.2-1.1ubuntu1.diff.gz
  to pool/main/a/awstats/awstats_6.2-1.1ubuntu1.diff.gz
awstats_6.2-1.1ubuntu1.dsc
  to pool/main/a/awstats/awstats_6.2-1.1ubuntu1.dsc
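
The changelog entry above describes stripping all non-path characters from four user-supplied parameters. The Perl sketch below is an added example of that kind of allow-list filter; it is not taken from awstats.pl or from this upload's patch. The character set, the function names and the sample query values are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added illustration; not code from awstats or from the Ubuntu patch.
use strict;
use warnings;

# Parameter names taken from the changelog entry above.
my @USER_PARAMS = qw(config pluginmode loadplugin noloadplugin);

# Assumed allow-list of "path characters": letters, digits, '_', '.', '/', '-'.
# The changelog does not spell out the exact set the patch keeps.
sub strip_non_path_chars {
    my ($value) = @_;
    return '' unless defined $value;
    # c = complement the set, d = delete: drop every character outside it.
    (my $clean = $value) =~ tr{A-Za-z0-9_./-}{}cd;
    return $clean;
}

# Sanitise the listed parameters in a hash of already-decoded CGI values.
# Returns (hashref of cleaned values, arrayref of names whose value changed)
# so the caller can log requests that carried unexpected characters.
sub sanitize_params {
    my ($in) = @_;
    my (%out, @altered);
    for my $name (@USER_PARAMS) {
        next unless exists $in->{$name};
        my $raw   = $in->{$name} // '';
        my $clean = strip_non_path_chars($raw);
        push @altered, $name if $clean ne $raw;
        $out{$name} = $clean;
    }
    return (\%out, \@altered);
}

# Constructed sample input (not from a real request).
my %query = (
    config     => 'www.example.org',
    pluginmode => 'geoip; echo injected',
    loadplugin => 'tooltips | sort',
);

my ($clean, $altered) = sanitize_params(\%query);
printf "%-12s => %s\n", $_, $clean->{$_} for sort keys %$clean;
warn "stripped characters from: @$altered\n" if @$altered;
```

The assumed allow-list still passes "/" and ".", so a value such as "../" is returned unchanged; the filter removes shell metacharacters only.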



