Accepted:
OK: awstats_6.5-1ubuntu1.dsc
-> Component: main Section: web
OK: awstats_6.5-1ubuntu1.diff.gz
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 22 May 2006 21:51:34 +0200
Source: awstats
Binary: awstats
Architecture: source
Version: 6.5-1ubuntu1
Distribution: dapper
Urgency: low
Maintainer: Debian AWStats Team <[EMAIL PROTECTED]>
Changed-By: Martin Pitt <[EMAIL PROTECTED]>
Description:
awstats - powerful and featureful web server log analyzer
Changes:
awstats (6.5-1ubuntu1) dapper; urgency=low
.
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analoguous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version.
Files:
306dddac8b3fa0bfdff8f00ce8303e3f 775 web optional awstats_6.5-1ubuntu1.dsc
bf42480f19b115c5ec256482d7b5a068 18353 web optional
awstats_6.5-1ubuntu1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)
iD8DBQFEchfODecnbV4Fd/IRAtguAJ9GVj0NEnJyrv31R4XN/9/qS96kTgCfUBD7
jHyzddhfRCtTCyf+9iPf6Ns=
=fRgf
-----END PGP SIGNATURE-----
--
dapper-changes mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/dapper-changes
