Your message dated Fri, 02 Feb 2018 01:34:48 +0000
with message-id <e1ehqfc-0009kw...@fasolo.debian.org>
and subject line Bug#885835: fixed in awstats 7.6+dfsg-2
has caused the Debian Bug report #885835,
regarding awstats: CVE-2017-1000501: path traversals in config and migrate parameter
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
885835: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: awstats
Version: 7.6+dfsg-1
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for awstats.

CVE-2017-1000501[0]:
Path traversal flaws

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-1000501
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
[1] http://www.openwall.com/lists/oss-security/2017/12/29/1
[2] https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
[3] https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: awstats
Source-Version: 7.6+dfsg-2

We believe that the bug you reported is fixed in the latest version of
awstats, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 885...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Adam Borowski <kilob...@angband.pl> (supplier of updated awstats package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 02 Feb 2018 02:21:35 +0100
Source: awstats
Binary: awstats
Architecture: source
Version: 7.6+dfsg-2
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packa...@qa.debian.org>
Changed-By: Adam Borowski <kilob...@angband.pl>
Description:
 awstats    - powerful and featureful web server log analyzer
Closes: 885835
Changes:
 awstats (7.6+dfsg-2) unstable; urgency=medium
 .
   * QA upload.
   * Set maintainer to the QA team.
   * Import fixes from Ubuntu.
     + CVE-2017-1000501, closes: #885835
     + but the fix for #858461 is incomplete
   * Drop ancient versioned Recommends on an essential package.


--- End Message ---
