
Bug#885835: marked as done (awstats: CVE-2017-1000501: path traversals in config and migrate parameter)



Your message dated Thu, 08 Feb 2018 21:17:30 +0000
with message-id <E1ejtZS-000HL4-MU@fasolo.debian.org>
and subject line Bug#885835: fixed in awstats 7.6+dfsg-1+deb9u1
has caused the Debian Bug report #885835,
regarding awstats: CVE-2017-1000501: path traversals in config and migrate parameter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
885835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: awstats
Version: 7.6+dfsg-1
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for awstats.

CVE-2017-1000501[0]:
Path traversal flaws

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000501
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
[1] http://www.openwall.com/lists/oss-security/2017/12/29/1
[2] https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
[3] https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: awstats
Source-Version: 7.6+dfsg-1+deb9u1

We believe that the bug you reported is fixed in the latest version of
awstats, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 885835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Abhijith PA <abhijith@openmailbox.org> (supplier of updated awstats package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Jan 2018 02:48:32 +0000
Source: awstats
Binary: awstats
Architecture: source all
Version: 7.6+dfsg-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Sergey B Kirpichev <skirpichev@gmail.com>
Changed-By: Abhijith PA <abhijith@openmailbox.org>
Description:
 awstats    - powerful and featureful web server log analyzer
Closes: 885835
Changes:
 awstats (7.6+dfsg-1+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix traversal flaw in the handling of the "config" and "migrate"
     parameters (CVE-2017-1000501) (Closes: #885835)


--- End Message ---
