[Bug 225007] www/awstats: Update to 7.7 (security)

bugzilla-noreply at freebsd.org
Mon Jan 8 17:17:03 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=225007

            Bug ID: 225007
           Summary: www/awstats: Update to 7.7 (security)
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: patch, security
          Severity: Affects Some People
          Priority: ---
         Component: Individual Port(s)
          Assignee: freebsd-ports-bugs at FreeBSD.org
          Reporter: vidar at karlsen.tech

Created attachment 189529
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=189529&action=edit
svn diff for awstats update from 7.6 to 7.7

Release notes for awstats 7.7 (from upstream):
Security fix: CVE-2017-1000501 [1]
Security fix: Missing sanitizing of parameters
Fix LogFormat=4 with url containing spaces.
Fix to window.opener vulnerability in external referral site links.
Add methodurlprot in key to define log format.
Add Dynamic DNS Lookup.
Fix edge support.

[1] CVE-2017-1000501: Awstats version 7.6 and earlier is vulnerable to a path
traversal flaw in the handling of the "config" and "migrate" parameters
resulting in unauthenticated remote code execution.

poudriere testport ok on:
* 11.1 amd64
* 11.1 i386
* 10.4 amd64
* 10.4 i386
* 10.3 amd64
* 10.3 i386

portlint -C: looks fine.

Also requesting maintainership as this port has no maintainer.

-- 
You are receiving this mail because:
You are the assignee for the bug.

