Accepted awstats 6.3-1 (all source)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sat, 5 Feb 2005 17:13:48 +0100
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.3-1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 291064 293668 293702 294488
Changes:
 awstats (6.3-1) unstable; urgency=high
 .
   * New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
     A. de Oliveira <naoliv@biolinux.df.ibilce.unesp.br>).
     + Includes upstream fix for security bug fixed in 6.2-1.1.
     + Includes upstream fix for most of security bug fixed in 6.2-1.1.
   * Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
     Schulze <joey@infodrom.org>, Martin Pitt <mpitt@debian.org>, Ubuntu,
     Joey Hess <joeyh@debian.org>, Frank Lichtenheld <djpig@debian.org> and Steve
     Langasek <vorlon@debian.org>).
   * Include patch for last parts of security bug fixed in 6.2-1.1:
     01_sanitize_more.patch.
   * Patch (02) to include snapshot of recent development:
     + Fix security hole that allowed a user to read log file content
       even when plugin rawlog was not enabled.
     + Fix a possible use of AWStats for a DoS attack.
     + configdir option was broken on windows servers.
     + DebugMessages is by default set to 0 for security reasons.
     + Minor fixes.
   * References:
     CAN-2005-0435 - read server logs via loadplugin and pluginmode
     CAN-2005-0436 - code injection via PluginMode
     CAN-2005-0437 - directory traversal via loadplugin
     CAN-2005-0438 - information leak via debug
Files:
2dc54b77fee571afaba6074465ee79fb 577 web optional awstats_6.3-1.dsc
edb73007530a5800d53b9f1f90c88053 938794 web optional awstats_6.3.orig.tar.gz
daf739c6af548309a9724afaf2631a69 22093 web optional awstats_6.3-1.diff.gz
bafc77369b5e40d31b4df2f6ab0920d4 725768 web optional awstats_6.3-1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)
iD8DBQFCFAagn7DbMsAkQLgRAhpOAJwKYtnURAoOq/P0xIttjMkPZLYQfACgocV7
R2oNSNdLPwJWHdDToQrCcJ8=
=ySLo
-----END PGP SIGNATURE-----
Accepted:
awstats_6.3-1.diff.gz
to pool/main/a/awstats/awstats_6.3-1.diff.gz
awstats_6.3-1.dsc
to pool/main/a/awstats/awstats_6.3-1.dsc
awstats_6.3-1_all.deb
to pool/main/a/awstats/awstats_6.3-1_all.deb
awstats_6.3.orig.tar.gz
to pool/main/a/awstats/awstats_6.3.orig.tar.gz