Summary: | net-www/awstats <6.9 awstats.pl Cross-site scripting (CVE-2008-3714) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Robert Buchholz (RETIRED) <rbu> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | Jan.Schubert, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | Runtime testing required: | --- |
Description
Robert Buchholz (RETIRED)
2008-08-19 20:20:14 UTC
Upstream applied this patch: http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912

6.9 Beta is tagged, and contains the "fix"(?).

upstream bug report: http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764

awstats-6.9 is in the tree.

Targets: alpha amd64 hppa ppc x86

works on ~amd64 but seems to remove old installations from htdocs if USE=vhost is not set, which is different from other webapps I use (gallery for example).

amd64/x86 stable

alpha stable

Stable for HPPA.

ppc stable

Ready for vote, I vote NO.

No too, closing.