-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 02 Mar 2011 08:57:07 +0100
Source: logwatch
Binary: logwatch
Architecture: source all
Version: 7.3.6.cvs20090906-1squeeze1
Distribution: stable-security
Urgency: high
Maintainer: Willi Mann <willi@wm1.at>
Changed-By: Willi Mann <willi@wm1.at>
Description:
 logwatch - log analyser with nice output written in Perl
Closes: 615995
Changes:
 logwatch (7.3.6.cvs20090906-1squeeze1) stable-security; urgency=high
 .
   * CVE-2011-1018: Remote code execution by combination of
     - Logfile name by attacker's choice (e.g. samba log files) and
     - Missing sanitization of logfile names in system() call.
     - fix by encapsulating logfile names in ' and disallowing '.
       Taken from upstream.
     - closes: #615995
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

-----END PGP SIGNATURE-----

Accepted:
logwatch_7.3.6.cvs20090906-1squeeze1.diff.gz
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1.diff.gz
logwatch_7.3.6.cvs20090906-1squeeze1.dsc
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1.dsc
logwatch_7.3.6.cvs20090906-1squeeze1_all.deb
  to main/l/logwatch/logwatch_7.3.6.cvs20090906-1squeeze1_all.deb