joey@infodrom.org (Martin Schulze) writes: > Package : awstats > Vulnerability : missing input sanitising > Problem type : remote > Debian-specific: no > CVE ID : CVE-2006-2237 > BugTraq ID : 17844 > Debian Bugs : 364443 365909 365910 The update for sarge does not fix the arbitrary code execution vulnerability mentioned in bug #365910. Hendrik