1
PublicDateAtUSN: 2018-01-03
2
Candidate: CVE-2017-1000501
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000501
6
https://usn.ubuntu.com/usn/usn-3518-1
8
Awstats version 7.6 and earlier is vulnerable to a path traversal flaw in
9
the handling of the "config" and "migrate" parameters resulting in
10
unauthenticated remote code execution.
14
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885835
20
upstream: https://github.com/eldy/awstats/commit/cf219843a74c951bf5986f3a7fffa3dcf99c3899
21
upstream: https://github.com/eldy/awstats/commit/06c0ab29c1e5059d9e0279c6b64d573d619e1651
22
upstream_awstats: needs-triage
23
precise/esm_awstats: DNE
24
trusty_awstats: released (7.2+dfsg-1ubuntu0.1)
25
xenial_awstats: released (7.4+dfsg-1ubuntu0.2)
26
zesty_awstats: released (7.6+dfsg-1ubuntu0.17.04.1)
27
artful_awstats: released (7.6+dfsg-1ubuntu0.17.10.1)
28
devel_awstats: released (7.6+dfsg-1ubuntu1)