lp:ubuntu/hardy-updates/awstats

Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-updates/awstats

Branch information

Owner: Ubuntu branches
Review team: Ubuntu Development Team
Status: Development

Recent revisions

15. By Marc Deslauriers

* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
  - debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
    name in wwwroot/cgi-bin/awstats.pl.
  - CVE-2010-4369

14. By Kees Cook

* SECURITY UPDATE: XSS via quotes in the "config" parameter (CVE-2008-3714).
  - 1006_quote_xss.patch: upstream fixes, thanks to Florian Weimer.

13. By Jonas Smedegaard <email address hidden>

* New upstream release. Closes: bug#436572, thanks to Daniel Baumann.
* Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control.
* Fix standards-version in debian/control.in.
* Update CDBS tweaks:
  + Replace auto-update.mk with overloading buildcore.mk.
  + Check copyright strings in pre-build target (not clean target) to
    fix race condition.
  + Add upstream-tarball.mk to implement get-orig-source target.
  + Fix applying buildinfo only once.
  + Add debian/README.cdbs-tweaks and advertise it in debian/rules.
* Declare (and merge duplicate) build-dependencies in debian/rules.
  Declare all as Build-Depends (not Build-depends-Indep).
* Semi-auto-update debian/control:
    DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build
* Update debian/copyright:
  + Include both copyright and licensing info verbatim.
  + Update to include the year 2007.
  + Refer explicitly to GPLv2.

12. By Charles Fry <email address hidden>

New upstream release (Closes: #350987, #335865)

11. By Kees Cook

Add 'debian/patches/1005_logresolve-dates.patch': correct log parsing,
fixed in upstream 6.6 (Closes LP#51902).

10. By Kees Cook

debian/rules: fix CRLF encodings in examples tools (Closes LP#52085),
fixed in upstream awstats 6.6 already.

9. By Michael Vogt

* Merge from debian unstable. Remaining changes:
  - fix for CVE-2006-3682

8. By Kees Cook

* SECURITY UPDATE: Fix path exposure on error.
* Add 'debian/patches/1004_backport_6.6_xss-fixes.patch' to correct URL
  decoding and adjust error message reports. Backported from upstream.
* References
  CVE-2006-3682
  http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.867&r2=1.871

7. By Jonas Smedegaard <email address hidden>

[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
  enable configdir. Closes: #365910 (thanks to Hendrik Weimer
  <email address hidden>)
* Integrated security patches from upstream:
  + Decode QueryString. Closes: #364443 (thanks to Micah Anderson
    <email address hidden>)
  + Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
    <email address hidden>)
* Indent Homepage in long description, per debian reference guideline

[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
  + Broaden scan to also look for "(c)" by default.
  + Make egrep options configurable.
* Semi-auto-update debian/control:
  + Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
  (bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.

6. By Martin Pitt

* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
  - Use the Sanitize function to filter out arbitrary HTML from 'diricons'
    parameter (analogous to CVE-2006-1945, which is already fixed in this
    version).
  - Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
    [CVE-2006-2237]
  - Patch from upstream CVS, taken from Debian's 6.5-2 version.

Branch metadata

Branch format: Branch format 7
Repository format: Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on: lp:ubuntu/karmic/awstats