awstats (6.5-1ubuntu1) dapper; urgency=low

  * SECURITY UPDATE: Cross-site scripting.
  * debian/patches/1001_sanitize_more.patch:
    - Use the Sanitize function to filter out arbitrary HTML from 'diricons'
      parameter (analogous to CVE-2006-1945, which is already fixed in this
    - Sanitize MigrateStats parameter (XSS if statistics updates are enabled).
    - Patch from upstream CVS, taken from Debian's 6.5-2 version.

 -- Martin Pitt <martin.pitt@ubuntu.com> Mon, 22 May 2006 21:51:34 +0200

awstats (6.5-2) unstable; urgency=high

  * Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
    enable configdir. Closes: #365910 (thanks to Hendrik Weimer
  * Integrated security patches from upstream:
    + Decode QueryString. Closes: #364443 (thanks to Micah Anderson
    + Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
  * Indent Homepage in long description, per debian reference guideline
  * Update local cdbs snippet copyright-check.mk:
    + Broaden scan to also look for "(c)" by default.
    + Make egrep options configurable.
  * Semi-auto-update debian/control:
    + Bump up versioned build-dependency on debhelper.
  * Semi-auto-update debian/copyright_hints (nothing remarkable).
  * Set urgency=high as this upload fixes security-related bugs
    (bug#365909: CVE-2006-2237).
  * Fix including a couple of example shell scripts ignored by mistake.

 -- Jonas Smedegaard <dr@jones.dk> Tue, 9 May 2006 23:10:43 +0200

awstats (6.5-1) unstable; urgency=low