Secure testing team - Dec 2010 - Bug#606263: Multiple security issues

Package: awstats
Severity: grave
Tags: security

Multiple security issues have been reported in awstats. The information
is a bit fishy an at least one issue is Windows-only. Please get in
contact with upstream and ask them for a more clear description of
the problem and isolated patches for the 6.95 version in Squeeze (at
this point at the release process an update to 7.0 it out of the
question):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4369
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4368
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4367 

Cheers,
        Moritz


-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, ''unstable'')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash

Versions of packages awstats depends on:
ii  perl [libtime-hires-perl]     5.10.1-16  Larry Wall''s Practical
Extraction

Versions of packages awstats recommends:
pn  libnet-xwhois-perl            <none>     (no description available)

Versions of packages awstats suggests:
pn  apache | httpd                <none>     (no description available)
pn  libgeo-ipfree-perl            <none>     (no description available)
ii  libnet-dns-perl               0.66-2     Perform DNS queries from a Perl sc
ii  libnet-ip-perl                1.25-2     Perl extension for manipulating IP