Accepted awstats 6.2-1.2 (source)

Martin Pitt martin.pitt at ubuntu.com
Mon Feb 14 12:25:01 CST 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: Debian/unstable
Format: 1.7
Date: Mon,  14 Feb 2005 18:21:11 +0000
Source: awstats
Binary: awstats
Architecture: source
Version: 6.2-1.2
Distribution: hoary
Urgency: high
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 awstats    - powerful and featureful web server log analyzer
Closes: 294488
Changes: 
 awstats (6.2-1.2) unstable; urgency=HIGH
 .
   * NMU with the following patch from Ubuntu. Closes: #294488
   * SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
   * wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
     "config", "pluginmode", "loadplugin", and "noloadplugin" parameters (which
     are defined by the remote user) to prevent execution of arbitrary shell
     commands through shell metacharacters.
   * References:
     CAN-2005-0362 for *plugin* variables
     CAN-2005-0363 for the config variable
Files: 
 d05646bb703b728383f0a7e264df0d4f 581 web optional awstats_6.2-1.2.dsc
 194070c529a1f7bf4861d8c06ac0f2f3 14616 web optional awstats_6.2-1.2.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

-----END PGP SIGNATURE-----


Accepted:
awstats_6.2-1.2.diff.gz
  to pool/main/a/awstats/awstats_6.2-1.2.diff.gz
awstats_6.2-1.2.dsc
  to pool/main/a/awstats/awstats_6.2-1.2.dsc



