Accepted awstats 6.2-1ubuntu1 (source)
Martin Pitt
martin.pitt at ubuntu.com
Thu Jan 20 08:55:03 CST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Thu, 20 Jan 2005 15:45:28 +0100
Source: awstats
Binary: awstats
Architecture: source
Version: 6.2-1ubuntu1
Distribution: hoary
Urgency: low
Maintainer: Jonas Smedegaard <dr at jones.dk>
Changed-By: Martin Pitt <martin.pitt at ubuntu.com>
Description:
awstats - powerful and featureful web server log analyzer
Changes:
awstats (6.2-1ubuntu1) hoary; urgency=low
.
* SECURITY UPDATE: fix arbitrary command execution
* awstats/wwwroot/cgi-bin/awstats.pl: remove all non-path characters from
the "configdir" parameter and the SiteConfig variable to prevent execution
of arbitrary shell commands when open()'ing them.
* References:
CAN-2005-0116
http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities
Files:
379c334fd3a75c49a945f3c0ebd6e9be 591 web optional awstats_6.2-1ubuntu1.dsc
c68f92f544cdb0bd1adc611ae5f1389e 14173 web optional awstats_6.2-1ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB78VJDecnbV4Fd/IRAgqbAJwOhvTP/1it4ToOrpDg7NdScbkJ9gCgqP25
gpv1+TOlwqgmzz+UJ+p0z8k=
=Ili0
-----END PGP SIGNATURE-----
Accepted:
awstats_6.2-1ubuntu1.diff.gz
to pool/main/a/awstats/awstats_6.2-1ubuntu1.diff.gz
awstats_6.2-1ubuntu1.dsc
to pool/main/a/awstats/awstats_6.2-1ubuntu1.dsc
More information about the hoary-changes
mailing list