Date: Sat, 6 Jan 2018 10:33:33 +0100
From: Hanno Böck <hanno@...eck.de>
To: John Lightsey <jd@...nel.net>
Cc: oss-security@...ts.openwall.com
Subject: Re: Path traversal flaws in awstats 7.6 and earlier.

Hi,

On Wed, 27 Dec 2017 09:21:41 -0600
John Lightsey <jd@...nel.net> wrote:

> The cPanel Security Team discovered two path traversal flaws in
> awstats that could be leveraged for unauthenticated remote code
> execution.

On https://awstats.sourceforge.io/#DOWNLOAD the latest version is still 7.6.
On the github repo you linked the latest version is 7.5.

Are you in contact with the developers? It's not exactly ideal that
there's a publicly known remote code execution and there is no new
release containing the fix.

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42