Accepted awstats 6.3-1 (source)

Martin Pitt martin.pitt at ubuntu.com
Mon Feb 21 03:35:05 CST 2005 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Origin: Debian/unstable
Format: 1.7
Date: Mon,  21 Feb 2005 09:30:19 +0000
Source: awstats
Binary: awstats
Architecture: source
Version: 6.3-1
Distribution: hoary
Urgency: high
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description: 
 awstats    - powerful and featureful web server log analyzer
Closes: 291064 293668 293702 294488
Changes: 
 awstats (6.3-1) unstable; urgency=high
 .
   * New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
     A. de Oliveira <naoliv at biolinux.df.ibilce.unesp.br>).
     + Includes upstream fix for security bug fixed in 6.2-1.1.
     + Includes upstream fix for most of security bug fixed in 6.2-1.1.
   * Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
     Schulze <joey at infodrom.org>, Martin Pitt <mpitt at debian.org>, Ubuntu,
     Joey Hess <joeyh at debian.org>, Frank Lichtenheld <djpig at debian.org> and Steve
     Langasek <vorlon at debian.org>).
   * Include patch for last parts of security bug fixed in 6.2-1.1:
     01_sanitize_more.patch.
   * Patch (02) to include snapshot of recent development:
     + Fix security hole that allowed a user to read log file content
       even when plugin rawlog was not enabled.
     + Fix a possible use of AWStats for a DoS attack.
     + configdir option was broken on windows servers.
     + DebugMessages is by default set to 0 for security reasons.
     + Minor fixes.
   * References:
     CAN-2005-0435 - read server logs via loadplugin and pluginmode
     CAN-2005-0436 - code injection via PluginMode
     CAN-2005-0437 - directory traversal via loadplugin
     CAN-2005-0438 - information leak via debug
Files: 
 2dc54b77fee571afaba6074465ee79fb 577 web optional awstats_6.3-1.dsc
 daf739c6af548309a9724afaf2631a69 22093 web optional awstats_6.3-1.diff.gz
 edb73007530a5800d53b9f1f90c88053 938794 web optional awstats_6.3.orig.tar.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iQEVAwUBQhmqKwF4adwMEr3XAQLMrQgAlT02jn6LMyxtJhRmTJcUnk35hhXXUaBk
k/qFfb7lq3WEg5qsGrBPmG7aXo3I5x5HAQ8KrMKPWNVLZXSmRFYk19af5LhELDeG
2/07IaDIVR23VhktcmR+kQNALTifOys64K6o2OOd0HBcXwu91R6HI3fyjcRBsatQ
71mIbi/oF+/aXF1i2A29g1xrNypJR0CKCiftceoHn0DNYKV03/ryZPLQmFgsCKtH
y6ba++L52BwjRgxcE6J/iG47+gYsWs1jbBRRIe8ABPajCy8bDjx2GulIy2L6RJ3f
ksT8Ugoxv9BkXaFqRkIbYVCqzSdalkjeidvLA4axZMspOBhCcRHdmQ==
=uya6
-----END PGP SIGNATURE-----


Accepted:
awstats_6.3-1.diff.gz
  to pool/main/a/awstats/awstats_6.3-1.diff.gz
awstats_6.3-1.dsc
  to pool/main/a/awstats/awstats_6.3-1.dsc
awstats_6.3.orig.tar.gz
  to pool/main/a/awstats/awstats_6.3.orig.tar.gz

More information about the hoary-changes mailing list