Ubuntu
awstats package

lp:ubuntu/breezy/awstats

Breezy (5.10)
breezy

Created by James Westby on 2009-06-15 and last modified on 2009-06-15

Get this branch:: bzr branch lp:ubuntu/breezy/awstats

Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

No branches dependent on this one.

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Ubuntu branches

Review team:: Ubuntu Development Team

Status:: Development

Recent revisions

4. By Martin Pitt on 2005-08-11: * SECURITY UPDATE: Fix arbitrary command injection.
* Add debian/patches/03_remove_eval.patch:
  - Replace all eval() calls for dynamically constructed function names with
    soft references. This fixes arbitrary command injection with specially
    crafted referer URLs which contain Perl code.
  - Patch taken from upstream CVS, and contained in 6.5 release.
* References:
  CAN-2005-1527
  http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
3. By Jonas Smedegaard <email address hidden> on 2005-02-05: * New upstream release. Closes: bug#293702, #293668 (thanks to Nelson
  A. de Oliveira <email address hidden>).
  + Includes upstream fix for security bug fixed in 6.2-1.1.
  + Includes upstream fix for most of security bug fixed in 6.2-1.1.
* Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin
  Schulze <email address hidden>, Martin Pitt <email address hidden>, Ubuntu,
  Joey Hess <email address hidden>, Frank Lichtenheld <email address hidden> and Steve
  Langasek <email address hidden>).
* Include patch for last parts of security bug fixed in 6.2-1.1:
  01_sanitize_more.patch.
* Patch (02) to include snapshot of recent development:
  + Fix security hole that allowed a user to read log file content
    even when plugin rawlog was not enabled.
  + Fix a possible use of AWStats for a DoS attack.
  + configdir option was broken on windows servers.
  + DebugMessages is by default set to 0 for security reasons.
  + Minor fixes.
* References:
  CAN-2005-0435 - read server logs via loadplugin and pluginmode
  CAN-2005-0436 - code injection via PluginMode
  CAN-2005-0437 - directory traversal via loadplugin
  CAN-2005-0438 - information leak via debug
2. By Jonas Smedegaard <email address hidden> on 2004-05-05: Really fix bug#247265. Really closes: Bug#247265 (thanks to Edward
J. Shornock <email address hidden>).
1. By Jonas Smedegaard <email address hidden> on 2004-05-05: Import upstream version 6.0

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

Stacked on:: lp:ubuntu/karmic/awstats

This branch contains Public information

Everyone can see this information.

Subscribers

James Westby

Ubuntuawstats package