lp:ubuntu/gutsy-updates/awstats
- Get this branch:
- bzr branch lp:ubuntu/gutsy-updates/awstats
Branch merges
Branch information
Recent revisions
- 13. By Kees Cook
-
* SECURITY UPDATE: XSS via quotes in the "config" parameter (CVE-2008-3714).
- 1006_quote_xss.patch: upstream fixes, thanks to Florian Weimer. - 11. By Kees Cook
-
Add 'debian/
patches/ 1005_logresolve -dates. patch': correct log parsing,
fixed in upstream 6.6 (Closes LP#51902). - 10. By Kees Cook
-
debian/rules: fix CRLF encodings in examples tools (Closes LP#52085),
fixed in upstream awstats 6.6 already. - 8. By Kees Cook
-
* SECURITY UPDATE: Fix path exposure on error.
* Add 'debian/patches/ 1004_backport_ 6.6_xss- fixes.patch' to correct URL
decoding and adjust error message reports. Backported from upstream.
* References
CVE-2006-3682
http://awstats. cvs.sourceforge .net/awstats/ awstats/ wwwroot/ cgi-bin/ awstats. pl?r1=1. 867&r2= 1.871 - 7. By Jonas Smedegaard <email address hidden>
-
[ Charles Fry ]
* Require AWSTATS_ENABLE_ CONFIG_ DIR environmental variable in order to
enable configdir. Closes: #365910 (thanks to Hendrik Weimer
<email address hidden>)
* Integrated security patches from upstream:
+ Decode QueryString. Closes: #364443 (thanks to Micah Anderson
<email address hidden>)
+ Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
<email address hidden>)
* Indent Homepage in long description, per debian reference guideline[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
+ Broaden scan to also look for "(c)" by default.
+ Make egrep options configurable.
* Semi-auto-update debian/control:
+ Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_ hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
(bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake. - 6. By Martin Pitt
-
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/ 1001_sanitize_ more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analoguous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version. - 5. By Jonas Smedegaard <email address hidden>
-
[ Jonas Smedegaard ]
* New upstream release.
+ Recognizes GNUTLS from lynx User-Agent header. Closes: #306130
(thanks to Dmitry Baryshkov <email address hidden>).
+ Geoip shows countries for resolved hostnames. Closes: #317310
(thanks to Administrator <email address hidden>).
* Simplify watch file to better work with parser used at qa.d.o.
* Improve cdbs rules:
+ Use quilt (rather than cdbs-internal patch system).
+ Add and enable new local snippets copyright-check and auto-update.
+ Update local snippet buildinfo (fixing its namespace).
* Auto-update debian/control:
+ Tightened build-dependency on cdbs.
+ Added build-dependencies on patchutils and quilt.
* Package is now team-maintained:
+ New maintainer: Debian AWStats Team
<email address hidden>.
+ Add myself as uploader.[ Charles Fry ]
* Use qa.debian.org SF redirector in watch file.
* Use Homepage instead of Website in debian/control, per DDR 6.2.4.
* Removed patches integrated upstream - 4. By Jonas Smedegaard <email address hidden>
-
[ Charles Fry ]
* New co-maintainer.
* Suggest libgeo-ipfree-perl. Closes: #316126 (thanks to Gunnar Wolf
<email address hidden>).
* Fixed README.Debian path to configure.pl. Closes: #313093 (thanks to
Michael De Nil <email address hidden>).[ Jonas Smedegaard ]
* Acknowledge NMU. Closes: bug#322591.
* Bump up watch version, and adjust the default command (we have moved
to SubVerSion).
* Add proto to URL in long description.
* User newer chown syntax in postinst (thanks to lintian).
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/awstats