← Back to branch summary

~ubuntu-branches/ubuntu/lucid/awstats/lucid-security

~ubuntu-branches/ubuntu/lucid/awstats/lucid-security

« back to all changes in this revision

Viewing changes to debian/changelog

Committer: Bazaar Package Importer
Author(s): Martin Pitt, CVE-2006-2237
Date: 2006-05-22 21:51:34 UTC
Revision ID: james.westby@ubuntu.com-20060522215134-wfjebcfggqkgsvf9

Tags: 6.5-1ubuntu1

* SECURITY UPDATE: Cross-site scripting.
* debian/patches/1001_sanitize_more.patch:
  - Use the Sanitize function to filter out arbitrary HTML from 'diricons'
    parameter (analoguous to CVE-2006-1945, which is already fixed in this
    version).
  - Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
    [CVE-2006-2237]
  - Patch from upstream CVS, taken from Debian's 6.5-2 version.

files modified:
debian/changelog

debian/patches/1001_sanitize_more.patch

Show diffs side-by-side

added added

removed removed

debian/changelog

1

awstats (6.5-1ubuntu1) dapper; urgency=low

2

3

* SECURITY UPDATE: Cross-site scripting.

4

* debian/patches/1001_sanitize_more.patch:

5

- Use the Sanitize function to filter out arbitrary HTML from 'diricons'

6

parameter (analoguous to CVE-2006-1945, which is already fixed in this

7

version).

8

- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).

9

[CVE-2006-2237]

10

- Patch from upstream CVS, taken from Debian's 6.5-2 version.

11

12

-- Martin Pitt <martin.pitt@ubuntu.com> Mon, 22 May 2006 21:51:34 +0200

13

1

14

awstats (6.5-1) unstable; urgency=low

2

15

3

16

[ Jonas Smedegaard ]

Older »