-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.8 Date: Thu, 03 Mar 2011 19:49:55 +0100 Source: logwatch Binary: logwatch Architecture: source all Version: 7.3.6.cvs20080702-2lenny1 Distribution: oldstable-security Urgency: high Maintainer: Willi Mann <willi@wm1.at> Changed-By: Willi Mann <willi@wm1.at> Description: logwatch - log analyser with nice output written in Perl Closes: 615995 Changes: logwatch (7.3.6.cvs20080702-2lenny1) oldstable-security; urgency=high . * CVE-2011-1018: Remote code execution by combination of - Logfile name by attacker's choice (e.g. samba log files) and - Missing sanitization of logfile names in system() call. - fix by encapsulating logfile names in ' and disallowing '. Taken from upstream. - closes: #615995 Checksums-Sha1: e92afa0e0444f0718471a5b9774e6ee76486c6ce 1492 logwatch_7.3.6.cvs20080702-2lenny1.dsc 35141e56e023e525deefb4a43d5b0ae7d5df9774 276521 logwatch_7.3.6.cvs20080702.orig.tar.gz 19ba6e40e7e15aa63dd199e47c9f8cc9612a865e 73715 logwatch_7.3.6.cvs20080702-2lenny1.diff.gz 824b0bdbbe3691dd4c289a970dffea72673ac427 323778 logwatch_7.3.6.cvs20080702-2lenny1_all.deb Checksums-Sha256: 522c0fa669024731d5af6e8333cf83c86d8581f55c4c5678523d9948584cd7a7 1492 logwatch_7.3.6.cvs20080702-2lenny1.dsc d77aa8a9dace4e2863459c744b7ab2519b013b3b68fae5b67cc9198654e80f55 276521 logwatch_7.3.6.cvs20080702.orig.tar.gz 480846672300545d5c62bca7103bca66e6e9048b171b0683b3910332d10a8419 73715 logwatch_7.3.6.cvs20080702-2lenny1.diff.gz a3604deeda3ec4c2536da687cc92791d3190587c5257efec9f1b5cd79e297a8a 323778 logwatch_7.3.6.cvs20080702-2lenny1_all.deb Files: 15007246b2c48958577c72977f7b9068 1492 admin optional logwatch_7.3.6.cvs20080702-2lenny1.dsc c9f616695211e8e8615b79f56683cdd4 276521 admin optional logwatch_7.3.6.cvs20080702.orig.tar.gz 5a2b21437050923e9699818a50bfaad0 73715 admin optional logwatch_7.3.6.cvs20080702-2lenny1.diff.gz 1358708d2fbeb26ba6059679047aefe7 323778 admin optional logwatch_7.3.6.cvs20080702-2lenny1_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) iQEcBAEBAgAGBQJNcJ6zAAoJEL97/wQC1SS+MmMIAIyooGR41w+YgGpI0m/pwD9Z iURj66cnEN3POL68DWNZFj57pTMPJ8J3nm+UMEPeu1PavxIAnAsKoN7zwRBl7MNd EIpSH4V/H5FS7BXECDiuRztkioReKOqls6H0xmiuqHYudvp5Dns/abkWg0Q82XkV I2wBapC4ndO+l+EoC1j9D8tVldA7Tq2afs1Kj8bFooadatFbQ/znyo+gknyd9rXS hYphSjr4MiTBpgZ7k6BYAuYg98fSrnMPR1yJogEtbvwe8TFpjeUU8Wd/ixQiKzGY /LOXmJ8ukyoA7YNK13Qf0vy7WoP1LbINrjtoLQWiQ13IdnyZeHUNi4LViS5XU6s= =hcWl -----END PGP SIGNATURE----- Accepted: logwatch_7.3.6.cvs20080702-2lenny1.diff.gz to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1.diff.gz logwatch_7.3.6.cvs20080702-2lenny1.dsc to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1.dsc logwatch_7.3.6.cvs20080702-2lenny1_all.deb to main/l/logwatch/logwatch_7.3.6.cvs20080702-2lenny1_all.deb