lp:ubuntu/hardy-updates/awstats
- Get this branch:
- bzr branch lp:ubuntu/hardy-updates/awstats
Recent revisions
- 15. By Marc Deslauriers
-
* SECURITY UPDATE: directory traversal via crafted LoadPlugin directory
- debian/patches/3000_CVE-2010-4369.patch: properly sanitize plugin
name in wwwroot/cgi-bin/awstats.pl.
- CVE-2010-4369
- 14. By Kees Cook
-
* SECURITY UPDATE: XSS via quotes in the "config" parameter (CVE-2008-3714).
- 1006_quote_xss.patch: upstream fixes, thanks to Florian Weimer.
- 13. By Jonas Smedegaard <email address hidden>
-
* New upstream release. Closes: bug#436572, thanks to Daniel Baumann.
* Add XS-Vcs-Svn and XS-Vcs-Browser fields to debian/control.
* Fix standards-version in debian/control.in.
* Update CDBS tweaks:
+ Replace auto-update.mk with overloading buildcore.mk.
+ Check copyright strings in pre-build target (not clean target) to
fix race condition.
+ Add upstream-tarball.mk to implement get-orig-source target.
+ Fix applying buildinfo only once.
+ Add debian/README.cdbs-tweaks and advertise it in debian/rules.
* Declare (and merge duplicate) build-dependencies in debian/rules.
Declare all as Build-Depends (not Build-depends-Indep).
* Semi-auto-update debian/control:
DEB_BUILD_OPTIONS=cdbs-autoupdate fakeroot debian/rules pre-build
* Update debian/copyright:
+ Include both copyright and licensing info verbatim.
+ Update to include the year 2007.
+ Refer explicitly to GPLv2.
- 11. By Kees Cook
-
Add 'debian/patches/1005_logresolve-dates.patch': correct log parsing,
fixed in upstream 6.6 (Closes LP#51902).
- 10. By Kees Cook
-
debian/rules: fix CRLF encodings in examples tools (Closes LP#52085),
fixed in upstream awstats 6.6 already.
- 8. By Kees Cook
-
* SECURITY UPDATE: Fix path exposure on error.
* Add 'debian/patches/1004_backport_6.6_xss-fixes.patch' to correct URL
decoding and adjust error message reports. Backported from upstream.
* References
CVE-2006-3682
http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.867&r2=1.871
- 7. By Jonas Smedegaard <email address hidden>
-
[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
enable configdir. Closes: #365910 (thanks to Hendrik Weimer
<email address hidden>)
* Integrated security patches from upstream:
+ Decode QueryString. Closes: #364443 (thanks to Micah Anderson
<email address hidden>)
+ Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
<email address hidden>)
* Indent Homepage in long description, per debian reference guideline
[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
+ Broaden scan to also look for "(c)" by default.
+ Make egrep options configurable.
* Semi-auto-update debian/control:
+ Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
(bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.
- 6. By Martin Pitt
-
* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
- Use the Sanitize function to filter out arbitrary HTML from 'diricons'
parameter (analogous to CVE-2006-1945, which is already fixed in this
version).
- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
[CVE-2006-2237]
- Patch from upstream CVS, taken from Debian's 6.5-2 version.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/karmic/awstats