I uploaded mostly Martin's patch with only some changelog adjustments:
(Sorry to Sven for ignoring his patch, but it was easier to edit
Martin's changelog entry to match what I wanted to have than his)
diff -u awstats-6.4/debian/changelog awstats-6.4/debian/changelog
--- awstats-6.4/debian/changelog
+++ awstats-6.4/debian/changelog 2005-09-04 19:17:32.971756616 +0200
@@ -1,6 +1,9 @@
-awstats (6.4-1ubuntu1) breezy; urgency=low
+awstats (6.4-1.1) unstable; urgency=high
- * SECURITY UPDATE: Fix arbitrary command injection.
+ * Non-maintainer upload
+ * SECURITY UPDATE: Fix arbitrary command injection. (Closes: #322591)
+ Thanks to Martin Pitt for reporting the issue and providing the
+ patch.
* Add debian/patches/03_remove_eval.patch:
- Replace all eval() calls for dynamically constructed function names with
soft references. This fixes arbitrary command injection with specially
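Review bot: In the 03_remove_eval.patch bullet, "soft references" for "dynamically constructed function names" still means the sub that gets called is chosen by a string built at run time, and the entry does not say how that string is constrained. A Perl symbolic reference will call whichever existing sub the string names, so the fix depends on the name being checked against a fixed set or pattern before the call. The patch itself is not part of this diff, so please confirm that check is there and mention it in the bullet. The urgency bump to high and the added "(Closes: #322591)" look right for a security NMU.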
@@ -10,7 +13,7 @@
CAN-2005-1527
http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities
- -- Martin Pitt <[EMAIL PROTECTED]> Thu, 11 Aug 2005 18:23:09 +0200
+ -- Frank Lichtenheld <[EMAIL PROTECTED]> Sun, 4 Sep 2005 19:17:31 +0200
awstats (6.4-1) unstable; urgency=low
Regards,
--
Frank Lichtenheld <[EMAIL PROTECTED]>
www: http://www.djpig.de/