Accepted awstats 6.2-1.2 (all source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 13 Feb 2005 14:02:07 -0500
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.2-1.2
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Joey Hess <joeyh@debian.org>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 294488
Changes:
 awstats (6.2-1.2) unstable; urgency=HIGH
 .
   * NMU with the following patch from Ubuntu. Closes: #294488
   * SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
   * wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
     "config", "pluginmode", "loadplugin", and "noloadplugin" parameters (which
     are defined by the remote user) to prevent execution of arbitrary shell
     commands through shell metacharacters.
   * References:
     CAN-2005-0362 for *plugin* variables
     CAN-2005-0363 for the config variable
Files:
d05646bb703b728383f0a7e264df0d4f 581 web optional awstats_6.2-1.2.dsc
194070c529a1f7bf4861d8c06ac0f2f3 14616 web optional awstats_6.2-1.2.diff.gz
00fa26d7a4dd2f055940df6fc3bc8fbc 658660 web optional awstats_6.2-1.2_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCD6TG2tp5zXiKP0wRAkNfAKCEXNb5hKzlKincx8wicfHqOUDUfACeMGuC
VoIs+GHMHkU8zFAUDS6jXz4=
=yh+5
-----END PGP SIGNATURE-----
Accepted:
awstats_6.2-1.2.diff.gz
to pool/main/a/awstats/awstats_6.2-1.2.diff.gz
awstats_6.2-1.2.dsc
to pool/main/a/awstats/awstats_6.2-1.2.dsc
awstats_6.2-1.2_all.deb
to pool/main/a/awstats/awstats_6.2-1.2_all.deb