'Re: [oss-security] CVE request: awstats'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] CVE request: awstats
From:       Josh Bressers <bressers () redhat ! com>
Date:       2009-11-23 19:30:27
Message-ID: 891439954.596821259004627925.JavaMail.root () zmail01 ! collab ! prod ! int ! phx2 ! redhat ! com
[Download RAW message or body]

----- "Craig" <craig@haquarter.de> wrote:
> 
> I think there isn't a CVE for this issues - which was fixed in 6.95 - yet
> (quote from
> http://awstats.sourceforge.net/docs/awstats_changelog.txt):
> 
> - Fix security in awredir.pl script by adding a security key required by
>   default.
> - Enhance security of parameter sanitizing function
> 

I'm adding AWStats upstream to this reply. Can someone elaborate on those
fixes? Are they security flaws, or just proactive security measures.

If they're flaws that need CVE ids, I presume upstream will add them to their
security page:
http://awstats.sourceforge.net/awstats_security_news.php

Thanks.

-- 
    JB
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic