[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE request: awstats
From: Josh Bressers <bressers () redhat ! com>
Date: 2009-11-23 19:30:27
Message-ID: 891439954.596821259004627925.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]
----- "Craig" <craig@haquarter.de> wrote:
>
> I think there isn't a CVE for this issues - which was fixed in 6.95 - yet
> (quote from
> http://awstats.sourceforge.net/docs/awstats_changelog.txt):
>
> - Fix security in awredir.pl script by adding a security key required by
> default.
> - Enhance security of parameter sanitizing function
>
I'm adding AWStats upstream to this reply. Can someone elaborate on those
fixes? Are they security flaws, or just proactive security measures.
If they're flaws that need CVE ids, I presume upstream will add them to their
security page:
http://awstats.sourceforge.net/awstats_security_news.php
Thanks.
--
JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic