In-Reply-To: <42126DAD.7090704 (at) norwich (dot) edu [email concealed]>
6.4 was released on 2005-02-14 13:13
Fixes:
- Fix security hole that allowed a user to read log file content even
when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- configdir option was broken on windows servers.
- Minor fixes
Regards
K-OTik Security Research & Monitoring Team 24/7
http://www.k-otik.com/english
>Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same
>error. So.. Can we all agree that 6.3 is not vulnerable, because I'd
>rather not upgrade to a dev/unstable release for no reason...
>
>regards,
>jamie
6.4 was released on 2005-02-14 13:13
Fixes:
- Fix security hole that allowed a user to read log file content even
when plugin rawlog was not enabled.
- Fix a possible use of AWStats for a DoS attack.
- configdir option was broken on windows servers.
- Minor fixes
Regards
K-OTik Security Research & Monitoring Team 24/7
http://www.k-otik.com/english
>Still no dice on 6.3, even with the "config=www.site.org" etc,etc.. same
>error. So.. Can we all agree that 6.3 is not vulnerable, because I'd
>rather not upgrade to a dev/unstable release for no reason...
>
>regards,
>jamie
[ reply ]