-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Sat, 5 Feb 2005 17:13:48 +0100
Source: awstats
Binary: awstats
Architecture: source all
Version: 6.3-1
Distribution: unstable
Urgency: high
Maintainer: Jonas Smedegaard <dr@jones.dk>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
 awstats - powerful and featureful web server log analyzer
Closes: 291064 293668 293702 294488
Changes:
 awstats (6.3-1) unstable; urgency=high
 .
   * New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
     A. de Oliveira <naoliv@biolinux.df.ibilce.unesp.br>).
     + Includes upstream fix for security bug fixed in 6.2-1.1.
     + Includes upstream fix for most of security bug fixed in 6.2-1.1.
   * Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
     Schulze <joey@infodrom.org>, Martin Pitt <mpitt@debian.org>, Ubuntu,
     Joey Hess <joeyh@debian.org>, Frank Lichtenheld <djpig@debian.org>
     and Steve Langasek <vorlon@debian.org>).
   * Include patch for last parts of security bug fixed in 6.2-1.1:
     01_sanitize_more.patch.
   * Patch (02) to include snapshot of recent development:
     + Fix security hole that allowed a user to read log file content
       even when plugin rawlog was not enabled.
     + Fix a possible use of AWStats for a DoS attack.
     + configdir option was broken on windows servers.
     + DebugMessages is by default set to 0 for security reasons.
     + Minor fixes.
   * References:
     CAN-2005-0435 - read server logs via loadplugin and pluginmode
     CAN-2005-0436 - code injection via PluginMode
     CAN-2005-0437 - directory traversal via loadplugin
     CAN-2005-0438 - information leak via debug
Files:
 2dc54b77fee571afaba6074465ee79fb 577 web optional awstats_6.3-1.dsc
 edb73007530a5800d53b9f1f90c88053 938794 web optional awstats_6.3.orig.tar.gz
 daf739c6af548309a9724afaf2631a69 22093 web optional awstats_6.3-1.diff.gz
 bafc77369b5e40d31b4df2f6ab0920d4 725768 web optional awstats_6.3-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (GNU/Linux)

iD8DBQFCFAagn7DbMsAkQLgRAhpOAJwKYtnURAoOq/P0xIttjMkPZLYQfACgocV7
R2oNSNdLPwJWHdDToQrCcJ8=
=ySLo
-----END PGP SIGNATURE-----

Accepted:
awstats_6.3-1.diff.gz
  to pool/main/a/awstats/awstats_6.3-1.diff.gz
awstats_6.3-1.dsc
  to pool/main/a/awstats/awstats_6.3-1.dsc
awstats_6.3-1_all.deb
  to pool/main/a/awstats/awstats_6.3-1_all.deb
awstats_6.3.orig.tar.gz
  to pool/main/a/awstats/awstats_6.3.orig.tar.gz