-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : awstats Version : 7.0~dfsg-7+deb7u1 CVE ID : CVE-2017-1000501 Debian Bug : 885835
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in the handling of the "config" and "migrate" parameters resulting in unauthenticated remote code execution. For Debian 7 "Wheezy", these problems have been fixed in version 7.0~dfsg-7+deb7u1. We recommend that you upgrade your awstats packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE1jZRJqkttWDGJ6ztF4RXf4EfbqwFAlpVq6kACgkQF4RXf4Ef bqzOOQ/+I+6khyYgjYjpmWASMT0pZQDOf+t4o0gkLsebMXvqW9hKvLboyDqnTNfD fGfQdNHJ6ANnABXP7xctOh7N6rQD9jHEzkw45tQET4ecb/YZbz4ArQdpq+9bSbPT lF9ebn8gDqQuLTKX8D3qtqRhRQvb5fze+GFTv2VnPiK5NdHmHBMvERCaeCD9njMm E/ZpMqkAtwR5Wwy+pCOvPoWs/EWDN15djU8Ew4dENPvSuoCCVACGJWt/6lyAFcTq yf+C0WTIVSfx6J9venNgQGt7XFWDbDD7+5EaKnGrOOTx/Tp2sQLtDhr65RwHycqk Db9K8tQ6KydssHsJMZx+5D21E/uv3QmLKYGb07Lad1sM9GIE9ueGSfQvDCbTgF8+ j1rWo4+EltUdIDkP1biH6ERpeDlK2iKNDYeboTFlYzB+MJM+KjAgi/ID9RHrcC6d iY1gC9zaVbpd0nnKJD4W+WAblEb2TbEr8D5olC4Y92Bd2mGBAicQCNd7aT0gVf5o KgYii/G/rs/Gwxnph4v3E4wzCpVGuLvmgKZydMA10S9s4a0lDlXRG+UM+THjDDCW KiOmhlrJrWQ1KPSR5nve3+yhO/gdJhOJ6g2VH7hUgCo5BrbeYeUPIoHvxrHY6Ui/ hrjYVcoXO8oNKwkoVeyiyeK3O7g8lsmpNe64Fq5E1HpgqB6lvko= =vl5i -----END PGP SIGNATURE-----
