CVE-2008-3714 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3714): Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.8 allows remote attackers to inject arbitrary web script or HTML via the query_string, a different vulnerability than CVE-2006-3681 and CVE-2006-1945.
Upstream applied this patch: http://awstats.cvs.sourceforge.net/awstats/awstats/wwwroot/cgi-bin/awstats.pl?r1=1.910&r2=1.912
6.9 Beta is tagged, and contains the "fix"(?).
Upstream bug report: http://sourceforge.net/tracker/index.php?func=detail&aid=2001151&group_id=13764&atid=113764
awstats-6.9 is in the tree. Targets: alpha amd64 hppa ppc x86
Works on ~amd64 but seems to remove old installations from htdocs if USE=vhost is not set, which is different from other webapps I use (gallery, for example).
amd64/x86 stable
alpha stable
Stable for HPPA.
ppc stable
Ready for vote, I vote NO.
No too, closing.