Re: [SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution

To: debian-security@lists.debian.org
Cc: joey@infodrom.org
Subject: Re: [SECURITY] [DSA 1058-1] New awstats packages fix arbitrary command execution
From: Hendrik Weimer <hendrik@enyo.de>
Date: Fri, 19 May 2006 15:06:27 +0200
Message-id: <[🔎] 867j4iw4do.fsf@gienah.enyo.de>
In-reply-to: <m1FglM8-000okjC@finlandia.Infodrom.North.DE> (Martin Schulze's message of "Thu, 18 May 2006 18:28:08 +0200 (CEST)")
References: <m1FglM8-000okjC@finlandia.Infodrom.North.DE>

joey@infodrom.org (Martin Schulze) writes:

> Package        : awstats
> Vulnerability  : missing input sanitising
> Problem type   : remote
> Debian-specific: no
> CVE ID         : CVE-2006-2237
> BugTraq ID     : 17844
> Debian Bugs    : 364443 365909 365910

The update for sarge does not fix the arbitrary code execution
vulnerability mentioned in bug #365910.

Hendrik

Reply to:

Prev by Date: Re: INFECTED (PORTS: 600)
Next by Date: Re: [SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
Previous by thread: Re: password minimum days problem
Next by thread: Re: [SECURITY] [DSA 1059-1] New quagga packages fix several vulnerabilities
Index(es):
- Date
- Thread