Accepted awstats 6.4-1.1 (source all)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 4 Sep 2005 19:17:31 +0200
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.4-1.1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Frank Lichtenheld <djpig@debian.org>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 322591
Changes:
awstats (6.4-1.1) unstable; urgency=high
.
* Non-maintainer upload
* SECURITY UPDATE: Fix arbitrary command injection. (Closes: #322591)
Thanks to Martin Pitt for reporting the issue and providing the
patch.
* Add debian/patches/03_remove_eval.patch:
- Replace all eval() calls for dynamically constructed function names with
soft references. This fixes arbitrary command injection with specially
crafted referer URLs which contain Perl code.
- Patch taken from upstream CVS, and contained in 6.5 release.
* References:
CAN-2005-1527
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
Files:
3a3cca9f3b9283b5831945520ae5f740 581 web optional awstats_6.4-1.1.dsc
dee1895775f5e27fdaca8c91e85c3c3c 18210 web optional awstats_6.4-1.1.diff.gz
3da4615e7576ea7f799c3e8cbf1c6b2f 728234 web optional awstats_6.4-1.1_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
iD8DBQFDGyyKQbn06FtxPfARAor0AKDNQd41HWvjLhWqpYDuozEk/D9djQCeMef/
6trN9ngXsbYk7uimUKRVUo4=
=H0sg
-----END PGP SIGNATURE-----
Accepted:
awstats_6.4-1.1.diff.gz
to pool/main/a/awstats/awstats_6.4-1.1.diff.gz
awstats_6.4-1.1.dsc
to pool/main/a/awstats/awstats_6.4-1.1.dsc
awstats_6.4-1.1_all.deb
to pool/main/a/awstats/awstats_6.4-1.1_all.deb