This bug was fixed in the package logwatch - 7.3.6.cvs20090906-1ubuntu4
--------------- logwatch (7.3.6.cvs20090906-1ubuntu4) natty; urgency=low
* SECURITY UPDATE: privileged code execution via badly named logfiles - scripts/logwatch.pl: encapsulate logfiles in 's and ensure logfile names don't contain '. - http://logwatch.svn.sourceforge.net/viewvc/logwatch?view=revision&revision=26 - CVE-2011-1018 * debian/dist.conf/services/cron.conf: adjust to capture cron entries, thanks to Oliver Brakmann (LP: #719898) * scripts/services/named: update to upstream version to correctly capture more information (LP: #584229) - http://logwatch.svn.sourceforge.net/viewvc/logwatch/scripts/services/named?revision=19 * logwatch.8: replace examples containing obsolete --print argument with --output=stdout (LP: #564796) -- Steve Beattie <email address hidden> Wed, 02 Mar 2011 13:44:53 +0100
This bug was fixed in the package logwatch - 7.3.6.cvs200909 06-1ubuntu4
--------------- cvs20090906- 1ubuntu4) natty; urgency=low
logwatch (7.3.6.
* SECURITY UPDATE: privileged code execution via badly named logfiles logwatch. pl: encapsulate logfiles in 's and ensure logfile logwatch. svn.sourceforge .net/viewvc/ logwatch? view=revision& revision= 26 dist.conf/ services/ cron.conf: adjust to capture cron entries, services/ named: update to upstream version to correctly logwatch. svn.sourceforge .net/viewvc/ logwatch/ scripts/ services/ named?revision= 19
- scripts/
names don't contain '.
- http://
- CVE-2011-1018
* debian/
thanks to Oliver Brakmann (LP: #719898)
* scripts/
capture more information (LP: #584229)
- http://
* logwatch.8: replace examples containing obsolete --print argument
with --output=stdout (LP: #564796)
-- Steve Beattie <email address hidden> Wed, 02 Mar 2011 13:44:53 +0100