Debian
awstats package

  1. Bug #12019
  2. Comment #11

Comment 11 for bug 12019

Revision history for this message
In , Joey Hess (joeyh) wrote : Fixed in NMU of awstats 6.2-1.1

tag 291064 + fixed

quit

This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 20 Jan 2005 16:29:35 -0500
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <email address hidden>
Changed-By: Joey Hess <email address hidden>
Description:
 awstats - powerful and featureful web server log analyzer
Closes: 291064
Changes:
 awstats (6.2-1.1) unstable; urgency=HIGH
 .
   * NMU with the following patch from Ubuntu. Closes: #291064
   * SECURITY UPDATE: fix arbitrary command execution
   * awstats/wwwroot/cgi-bin/awstats.pl: remove all non-path characters from
     the "configdir" parameter and the SiteConfig variable to prevent execution
     of arbitrary shell commands when open()'ing them.
   * References:
     CAN-2005-0116
     http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities
Files:
 fffb5cc23b2e3c0ac82ce1fc4dee65d9 581 web optional awstats_6.2-1.1.dsc
 a6f4d0b2766e57cd5e516880141ceb46 14128 web optional awstats_6.2-1.1.diff.gz
 61f5e222c974635e3f722e1df0577d32 658544 web optional awstats_6.2-1.1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFB8CPP2tp5zXiKP0wRAvhXAKCoMcyVV8l9SrGKJyk+nEpNzw5wYgCglZ08
czXEPNy80B1gHi0j5qEoeAw=
=Y6zL
-----END PGP SIGNATURE-----