[SECURITY] [DLA 3225-1] awstats security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 3225-1] awstats security update
From: Utkarsh Gupta <guptautkarsh2102@gmail.com>
Date: Mon, 5 Dec 2022 18:37:08 +0530
Message-id: <[🔎] CAPP0f975A8XKVTiZQZDWOWtnwOVm=g8Mi-V_ttyMrR2KBKhoeg@mail.gmail.com>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -----------------------------------------------------------------------
Debian LTS Advisory DLA-3225-1              debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Utkarsh Gupta
December 05, 2022                           https://wiki.debian.org/LTS
- -----------------------------------------------------------------------

Package        : awstats
Version        : 7.6+dfsg-2+deb10u2
CVE ID         : CVE-2022-46391
Debian Bug     : 1025410

AWStats, a powerful and featureful web server log analyzer, allowed
XSS in the hostinfo plugin due to printing a response from
Net::XWhois without proper checks.

For Debian 10 buster, this problem has been fixed in version
7.6+dfsg-2+deb10u2.

We recommend that you upgrade your awstats packages.

For the detailed security status of awstats please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/awstats

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAmON7NsACgkQgj6WdgbD
S5Yj3hAAvXhbbSpbxpAbzh2Nw0jwDcVa6x4x7ob5w4YSEmO96n1BBy2qpUPIhhcq
YzKv5Ddv7f9PlfA3pBST0ZBh2UI5U3akQXiHcxkT9gMT5mcuKYW8AGXDc3XBExCp
4q87h2smNvWktrJk9/tDHLANfv5yphWr9qHWiTMO8TeHxZmrTeJRk+OFDbO2pqcx
4vjFUjMw/F1j9UvnRHyPq08EdPmPU4pqtPTfqimuSD5Zt3uDR1SxI+TbiAec6ZtE
Fb10pdtQPqOtGxRQk9rQJi/cfr/2m+HVBq97D+lOCJ5AUgYhpEnbNaw8CtFCiYws
uJUMFNhGuOejUKeWtyLeAd4k9oeUdVLnExqFLvijzTYjc24u5mdaxXY4pu1xc7s8
uYe60YDlqn6TXpyJjnp81j9hw4VM9ZWP9X49ltbV1PG2APutykQnxNsAIy4H8hFp
SIRgGPXALsLZKO3qh0pLBMa7hAck41Cdhu9Q6rWpR+aslczFtvzV8QZth/hKPJ7r
LRIA8Vl5hxBBPsG0D1plPQ9LoMv+mB+swlm0kHfMP+6z5xwirsaMmxgTFZc5tdN1
ulG3nI4eWmCaLDL08VtCDn1GugKVRaQwoSuZDOIgrhQyGA6W3aKztkzeUbU7hQjE
t7T2dBwBIYhe8ZaUi9MZqWFr4X6cFUnMo9LsRv3hOZgUQzO/Ml0=
=KnKh
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3224-1] http-parser security update
Next by Date: [SECURITY] [DLA 3226-1] cgal security update
Previous by thread: [SECURITY] [DLA 3224-1] http-parser security update
Next by thread: [SECURITY] [DLA 3226-1] cgal security update
Index(es):
- Date
- Thread