Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 9 Nov 2005 19:40:40 +0100 Martin Schulze <[EMAIL PROTECTED]> wrote: > Jonas Smedegaard wrote: > > A package has now been uploaded to > > ftp://security.debian.org/pub/SecurityUploadQueue > > > > Hope it is correctly understood that when a fir

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Martin Schulze
Jonas Smedegaard wrote: > A package has now been uploaded to > ftp://security.debian.org/pub/SecurityUploadQueue > > Hope it is correctly understood that when a firt-timer on > security-debian-org source needs to be incuded. In general this was correct... However, what's this part in the diff: o

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 9 Nov 2005 20:52:06 +0100 Martin Schulze <[EMAIL PROTECTED]> wrote: > If you wouldn't have uploaded the package already (and this is just > the reason why I prefer to review packages first), I'd ask you for > an update. This way, it'll clutte

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 9 Nov 2005 19:40:40 +0100 Martin Schulze <[EMAIL PROTECTED]> wrote: > Do you have any idea about the state of the package in woody? > From a first glance it doesn't seem to contain the same code. > Can you confirm that it isn't affected by thi

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Martin Schulze
Jonas Smedegaard wrote: > > Jonas Smedegaard wrote: > > > A package has now been uploaded to > > > ftp://security.debian.org/pub/SecurityUploadQueue > > > > > > Hope it is correctly understood that when a firt-timer on > > > security-debian-org source needs to be incuded. > > > > In general this

Bug#334833: awstats 6.4-1.1 security fix

2005-11-09 Thread Jonas Smedegaard
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, 9 Nov 2005 07:51:44 +0100 Martin Schulze <[EMAIL PROTECTED]> wrote: > Steve Langasek wrote: > > On Tue, Nov 08, 2005 at 10:15:26PM -0500, Charles Fry wrote: > > > > > Version 6.4-1.1 of awstats was uploaded to unstable in response to > > > CV

Bug#334833: awstats 6.4-1.1 security fix

2005-11-08 Thread Martin Schulze
Steve Langasek wrote: > On Tue, Nov 08, 2005 at 10:15:26PM -0500, Charles Fry wrote: > > > Version 6.4-1.1 of awstats was uploaded to unstable in response to > > CVE-2005-1527. However, it was never uploaded to stable-security, even > > though version 6.4.1 is the current stable version of awstats

Bug#334833: awstats 6.4-1.1 security fix

2005-11-08 Thread Steve Langasek
On Tue, Nov 08, 2005 at 10:15:26PM -0500, Charles Fry wrote: > Version 6.4-1.1 of awstats was uploaded to unstable in response to > CVE-2005-1527. However, it was never uploaded to stable-security, even > though version 6.4.1 is the current stable version of awstats. > As far as I can tell, 6.4-1

Bug#334833: awstats 6.4-1.1 security fix

2005-11-08 Thread Charles Fry
Hi, Version 6.4-1.1 of awstats was uploaded to unstable in response to CVE-2005-1527. However, it was never uploaded to stable-security, even though version 6.4.1 is the current stable version of awstats. As far as I can tell, 6.4-1.1 (or 6.4.2) should be uploaded to stable-security. Charles --