
Bug#885835: marked as done (awstats: CVE-2017-1000501: path traversals in config and migrate parameter)



Your message dated Sat, 10 Feb 2018 21:05:42 +0000
with message-id <E1ekcL8-000CLg-Om@fasolo.debian.org>
and subject line Bug#885835: fixed in awstats 7.2+dfsg-1+deb8u1
has caused the Debian Bug report #885835,
regarding awstats: CVE-2017-1000501: path traversals in config and migrate parameter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
885835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Source: awstats
Version: 7.6+dfsg-1
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for awstats.

CVE-2017-1000501[0]:
Path traversal flaws

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000501
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
[1] http://www.openwall.com/lists/oss-security/2017/12/29/1
[2] https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
[3] https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: awstats
Source-Version: 7.2+dfsg-1+deb8u1

We believe that the bug you reported is fixed in the latest version of
awstats, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 885835@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Abhijith PA <abhijith@openmailbox.org> (supplier of updated awstats package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 15 Jan 2018 11:18:18 +0530
Source: awstats
Binary: awstats
Architecture: source all
Version: 7.2+dfsg-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Sergey B Kirpichev <skirpichev@gmail.com>
Changed-By: Abhijith PA <abhijith@openmailbox.org>
Description:
 awstats    - powerful and featureful web server log analyzer
Closes: 885835
Changes:
 awstats (7.2+dfsg-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix traversal flaw in the handling of the "config" and "migrate"
     parameters (CVE-2017-1000501) (Closes: #885835)

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
