tag 291064 + fixed
quit
This message was generated automatically in response to a non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Format: 1.7 Date: Thu, 20 Jan 2005 16:29:35 -0500 Source: awstats Binary: awstats Architecture: source all Version: 6.2-1.1 Distribution: unstable Urgency: high Maintainer: Jonas Smedegaard <email address hidden> Changed-By: Joey Hess <email address hidden> Description: awstats - powerful and featureful web server log analyzer Closes: 291064 Changes: awstats (6.2-1.1) unstable; urgency=HIGH . * NMU with the following patch from Ubuntu. Closes: #291064 * SECURITY UPDATE: fix arbitrary command execution * awstats/wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the "configdir" parameter and the SiteConfig variable to prevent execution of arbitrary shell commands when open()'ing them. * References: CAN-2005-0116 http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities Files: fffb5cc23b2e3c0ac82ce1fc4dee65d9 581 web optional awstats_6.2-1.1.dsc a6f4d0b2766e57cd5e516880141ceb46 14128 web optional awstats_6.2-1.1.diff.gz 61f5e222c974635e3f722e1df0577d32 658544 web optional awstats_6.2-1.1_all.deb
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB8CPP2tp5zXiKP0wRAvhXAKCoMcyVV8l9SrGKJyk+nEpNzw5wYgCglZ08 czXEPNy80B1gHi0j5qEoeAw= =Y6zL -----END PGP SIGNATURE-----
tag 291064 + fixed
quit
This message was generated automatically in response to a
non-maintainer upload. The .changes file follows.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7 wwwroot/ cgi-bin/ awstats. pl: remove all non-path characters from www.idefense. com/application /poi/display? id=185& type=vulnerabil ities 0ac82ce1fc4dee6 5d9 581 web optional awstats_6.2-1.1.dsc cd5e516880141ce b46 14128 web optional awstats_ 6.2-1.1. diff.gz 5e3f722e1df0577 d32 658544 web optional awstats_ 6.2-1.1_ all.deb
Date: Thu, 20 Jan 2005 16:29:35 -0500
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.2-1.1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <email address hidden>
Changed-By: Joey Hess <email address hidden>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 291064
Changes:
awstats (6.2-1.1) unstable; urgency=HIGH
.
* NMU with the following patch from Ubuntu. Closes: #291064
* SECURITY UPDATE: fix arbitrary command execution
* awstats/
the "configdir" parameter and the SiteConfig variable to prevent execution
of arbitrary shell commands when open()'ing them.
* References:
CAN-2005-0116
http://
Files:
fffb5cc23b2e3c
a6f4d0b2766e57
61f5e222c97463
-----BEGIN PGP SIGNATURE-----
5zXiKP0wRAvhXAK CoMcyVV8l9SrGKJ yk+nEpNzw5wYgCg lZ08 j5qEoeAw=
Version: GnuPG v1.2.5 (GNU/Linux)
iD8DBQFB8CPP2tp
czXEPNy80B1gHi0
=Y6zL
-----END PGP SIGNATURE-----