[ubuntu/dapper-security] awstats, awstats (delayed) 6.5-1ubuntu1.4 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Mon Jan 24 14:04:09 UTC 2011
awstats (6.5-1ubuntu1.4) dapper-security; urgency=low
* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
- debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
name in wwwroot/cgi-bin/awstats.pl.
- CVE-2010-4369
Date: Tue, 11 Jan 2011 17:42:12 -0600
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Debian AWStats Team <pkg-awstats-devel at lists.alioth.debian.org>
https://launchpad.net/ubuntu/dapper/+source/awstats/6.5-1ubuntu1.4
-------------- next part --------------
Format: 1.7
Date: Tue, 11 Jan 2011 17:42:12 -0600
Source: awstats
Binary: awstats
Architecture: source
Version: 6.5-1ubuntu1.4
Distribution: dapper-security
Urgency: low
Maintainer: Debian AWStats Team <pkg-awstats-devel at lists.alioth.debian.org>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
awstats - powerful and featureful web server log analyzer
Changes:
awstats (6.5-1ubuntu1.4) dapper-security; urgency=low
.
* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
- debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
name in wwwroot/cgi-bin/awstats.pl.
- CVE-2010-4369
Files:
403908718ed4d34bb4c728223e810a12 1426 web optional awstats_6.5-1ubuntu1.4.dsc
a821b60de3f940338b9e43e5ff5d29f1 20512 web optional awstats_6.5-1ubuntu1.4.diff.gz
More information about the dapper-changes
mailing list