-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Wed, 24 May 2006 09:48:03 +0200 Source: awstats Binary: awstats Architecture: source all Version: 6.4-1sarge3 Distribution: stable-security Urgency: high Maintainer: Martin Schulze <joey@debian.org> Changed-By: Martin Schulze <joey@infodrom.org> Description: awstats - powerful and featureful web server log analyzer Changes: awstats (6.4-1sarge3) stable-security; urgency=high . * Non-maintainer upload by the Security Team * Backported patch by Charles Fry to fix arbitrary command execution via arbitrary config file [wwwroot/cgi-bin/awstats.pl, debian/patches/05_CVE-2006-XXXX.patch, Bug#365910] * Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to enable configdir. Files: c89ec8be4c06c290950e1da615b4e215 589 web optional awstats_6.4-1sarge3.dsc fb59598c0a1ddd970c48bed857c0b364 19145 web optional awstats_6.4-1sarge3.diff.gz 395a9e5acb69dcc50da9cf88ed9a89da 728706 web optional awstats_6.4-1sarge3_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.3 (GNU/Linux) iD8DBQFEdrD8W5ql+IAeqTIRAmfTAJ98VfSToaNOa93aHgBSwI4sCXAUegCbBRkl 4+hdYd8W1fTMzPk8+rF3uAg= =vaqT -----END PGP SIGNATURE----- Accepted: awstats_6.4-1sarge3.diff.gz to pool/main/a/awstats/awstats_6.4-1sarge3.diff.gz awstats_6.4-1sarge3.dsc to pool/main/a/awstats/awstats_6.4-1sarge3.dsc awstats_6.4-1sarge3_all.deb to pool/main/a/awstats/awstats_6.4-1sarge3_all.deb