[Pkg-awstats-commits] [SCM] awstats Debian packaging branch, master, updated. debian/6.9.5.dfsg-4-7-g382f7c5

Sergey B Kirpichev skirpichev at gmail.com
Tue Dec 14 23:53:42 UTC 2010


The following commit has been merged in the master branch:
commit 382f7c5e70fff842c1a355c9bbd2904349aafb22
Author: Sergey B Kirpichev <skirpichev at gmail.com>
Date:   Wed Dec 15 02:44:36 2010 +0300

    Modify description of the patch 1002, to address CVE-2010-4368 and CVE-2010-4367

diff --git a/debian/patches/1002_disable_configdir.patch b/debian/patches/1002_disable_configdir.patch
index d2ce463..2a777b9 100644
--- a/debian/patches/1002_disable_configdir.patch
+++ b/debian/patches/1002_disable_configdir.patch
@@ -1,6 +1,9 @@
-Description: Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to enable configdir.
-Author: Charles Fry <debian at frogcircus.org>, vendor
-Origin: http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.961&r2=1.962
+Description: Require AWSTATS_ENABLE_CONFIG_DIR environmental variable
+ in order to enable configdir.  Sanitize configdir to disable usage of
+ external path in cgi mode (CVE-2010-4368, CVE-2010-4367).
+Author: Charles Fry <debian at frogcircus.org>
+Origin: upstream, http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.958&r2=1.959
+Origin: upstream, http://awstats.cvs.sourceforge.net/viewvc/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.961&r2=1.962
 Bug-Debian: http://bugs.debian.org/365910
 Bug-Debian: http://bugs.debian.org/606263
 
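Review bot: The two added `Origin:` lines are the first thing to check. DEP-3 says `Bug-<Vendor>` may be repeated but makes no such allowance for `Origin`, so a tool that parses this header may keep only one of the r1.958/r1.959 and r1.961/r1.962 URLs. Consider a single `Origin: upstream, ...` line with the second URL cited in the Description, or splitting the configdir sanitization into its own patch file with its own header. Separately, this hunk changes only header text (lines 1-9 of the patch file), while the new Description states that the patch sanitizes configdir for CVE-2010-4368 and CVE-2010-4367. Confirm that the patch body actually carries the r1.958 to r1.959 change, otherwise the header claims a fix the package does not ship.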

-- 
awstats Debian packaging


