[Secure-testing-team] Bug#606263: Multiple security issues
Moritz Muehlenhoff
jmm at debian.org
Tue Dec 7 21:40:59 UTC 2010
Package: awstats
Severity: grave
Tags: security
Multiple security issues have been reported in awstats. The information
is a bit fishy an at least one issue is Windows-only. Please get in
contact with upstream and ask them for a more clear description of
the problem and isolated patches for the 6.95 version in Squeeze (at
this point at the release process an update to 7.0 it out of the
question):
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages awstats depends on:
ii perl [libtime-hires-perl] 5.10.1-16 Larry Wall's Practical Extraction
Versions of packages awstats recommends:
pn libnet-xwhois-perl <none> (no description available)
Versions of packages awstats suggests:
pn apache | httpd <none> (no description available)
pn libgeo-ipfree-perl <none> (no description available)
ii libnet-dns-perl 0.66-2 Perform DNS queries from a Perl sc
ii libnet-ip-perl 1.25-2 Perl extension for manipulating IP
More information about the Secure-testing-team
mailing list