Ubuntu
awstats package

lp:ubuntu/warty-security/awstats

  1. Warty (4.10)
  2. warty-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/warty-security/awstats
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Development

Recent revisions

3. By Martin Pitt

* SECURITY UPDATE: fix more arbitrary command execution vulnerabilities
* wwwroot/cgi-bin/awstats.pl: remove all non-path characters from the
  "config", "logfile", "pluginmode", "loadplugin", and "noloadplugin"
  parameters (which are defined by the remote user) to prevent execution of
  arbitrary shell commands through shell metacharacters.
* References:
  similar to CAN-2005-0116
  http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf

2. By Jonas Smedegaard <email address hidden>

Really fix bug#247265. Really closes: Bug#247265 (thanks to Edward
J. Shornock <email address hidden>).

1. By Jonas Smedegaard <email address hidden>

Import upstream version 6.0

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/awstats
This branch contains Public information 
Everyone can see this information.

Subscribers