Date: Mon, 08 Jan 2018 17:17:03 +0000
From: bugzilla-noreply@freebsd.org
To: freebsd-ports-bugs@FreeBSD.org
Subject: [Bug 225007] www/awstats: Update to 7.7 (security)
Message-ID: <bug-225007-13@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225007

            Bug ID: 225007
           Summary: www/awstats: Update to 7.7 (security)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs@FreeBSD.org
          Reporter: vidar@karlsen.tech

Created attachment 189529
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189529&action=edit
svn diff for awstats update from 7.6 to 7.7

Release notes for awstats 7.7 (from upstream):

Security fix: CVE-2017-1000501 [1]
Security fix: Missing sanitizing of parameters
Fix LogFormat=4 with url containing spaces.
Fix to window.opener vulnerability in external referral site links.
Add methodurlprot in key to define log format.
Add Dynamic DNS Lookup.
Fix edge support.

[1] CVE-2017-1000501: Awstats version 7.6 and earlier is vulnerable to a path
traversal flaw in the handling of the "config" and "migrate" parameters
resulting in unauthenticated remote code execution.

poudriere testport ok on:
* 11.1 amd64
* 11.1 i386
* 10.4 amd64
* 10.4 i386
* 10.3 amd64
* 10.3 i386

portlint -C: looks fine.

Also requesting maintainership as this port has no maintainer.

-- 
You are receiving this mail because:
You are the assignee for the bug.