← Back to branch summary

~ubuntu-branches/ubuntu/maverick/awstats/maverick-security

~ubuntu-branches/ubuntu/maverick/awstats/maverick-security

« back to all changes in this revision

Viewing changes to debian/changelog

Committer: Bazaar Package Importer
Author(s): Jonas Smedegaard, Charles Fry, Jonas Smedegaard
Date: 2006-05-09 23:10:43 UTC
Revision ID: james.westby@ubuntu.com-20060509231043-1anmscca1fvenh8u

Tags: 6.5-2

http://bugs.debian.org/365910

http://bugs.debian.org/364443

http://bugs.debian.org/365909

[ Charles Fry ]
* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to
  enable configdir. Closes: #365910 (thanks to Hendrik Weimer
  <hendrik@enyo.de>)
* Integrated security patches from upstream:
  + Decode QueryString. Closes: #364443 (thanks to Micah Anderson
    <micah@debian.org>)
  + Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer
    <hendrik@enyo.de>)
* Indent Homepage in long description, per debian reference guideline

[ Jonas Smedegaard ]
* Update local cdbs snippet copyright-check.mk:
  + Broaden scan to also look for "(c)" by default.
  + Make egrep options configurable.
* Semi-auto-update debian/control:
  + Bump up versioned build-dependency on debhelper.
* Semi-auto-update debian/copyright_hints (nothing remarkable).
* Set urgency=high as this upload fixes security-related bugs
  (bug#365909: CVE-2006-2237).
* Fix including a couple of example shell scripts ignored by mistake.

files added:
debian/patches/0001_sanitize_more.patch

debian/patches/1002_disable_configdir.patch

debian/patches/1003_redirect_to_STDERR.patch

files removed:
debian/patches/1001_sanitize_more.patch

debian/patches/1002_redirect_to_STDERR.patch

files modified:
debian/NEWS

debian/cdbs/1/rules/copyright-check.mk

debian/changelog

debian/control

debian/control.in

debian/copyright_hints

debian/patches/series

debian/rules

Show diffs side-by-side

added added

removed removed

debian/changelog

1

awstats (6.5-1ubuntu1) dapper; urgency=low

2

3

* SECURITY UPDATE: Cross-site scripting.

4

* debian/patches/1001_sanitize_more.patch:

5

- Use the Sanitize function to filter out arbitrary HTML from 'diricons'

6

parameter (analoguous to CVE-2006-1945, which is already fixed in this

7

version).

8

- Sanitize MigrateStats parameter (XSS if statistics updates are enabled).

9

[CVE-2006-2237]

10

- Patch from upstream CVS, taken from Debian's 6.5-2 version.

11

12

-- Martin Pitt <martin.pitt@ubuntu.com> Mon, 22 May 2006 21:51:34 +0200

1

awstats (6.5-2) unstable; urgency=high

2

3

[ Charles Fry ]

4

* Require AWSTATS_ENABLE_CONFIG_DIR environmental variable in order to

5

enable configdir. Closes: #365910 (thanks to Hendrik Weimer

6

<hendrik@enyo.de>)

7

* Integrated security patches from upstream:

8

+ Decode QueryString. Closes: #364443 (thanks to Micah Anderson

9

<micah@debian.org>)

10

+ Sanitize migrate parameter. Closes: #365909 (thanks to Hendrik Weimer

11

<hendrik@enyo.de>)

12

* Indent Homepage in long description, per debian reference guideline

13

14

[ Jonas Smedegaard ]

15

* Update local cdbs snippet copyright-check.mk:

16

+ Broaden scan to also look for "(c)" by default.

17

+ Make egrep options configurable.

18

* Semi-auto-update debian/control:

19

+ Bump up versioned build-dependency on debhelper.

20

* Semi-auto-update debian/copyright_hints (nothing remarkable).

21

* Set urgency=high as this upload fixes security-related bugs

22

(bug#365909: CVE-2006-2237).

23

* Fix including a couple of example shell scripts ignored by mistake.

24

25

-- Jonas Smedegaard <dr@jones.dk> Tue, 9 May 2006 23:10:43 +0200

13

26

14

27

awstats (6.5-1) unstable; urgency=low

15

28

Older »