From: Laurent Destailleur Date: Sun, 21 Sep 2014 23:00:51 +0000 (+0200) Subject: Fix #212 CVE-2006-2237 X-Git-Tag: AWSTATS_7_4~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=31076c19c36b04dab53ed2592d67710ff7e8ef79;p=thirdparty%2FAWStats.git Fix #212 CVE-2006-2237 --- diff --git a/docs/awstats_changelog.txt b/docs/awstats_changelog.txt index f32ec133..5fc75f91 100644 --- a/docs/awstats_changelog.txt +++ b/docs/awstats_changelog.txt @@ -18,6 +18,7 @@ Fixes: - #921 Failure in the help text for geoip_generator.pl - #909 awstats_buildstaticpages.pl noisy debug output. - #680 Invalid data passed to Time::Local causes global destruction. +- #212 Fix CVE-2006-2237 ***** 7.3 ***** diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl index eb14ae3b..8e40988c 100755 --- a/wwwroot/cgi-bin/awstats.pl +++ b/wwwroot/cgi-bin/awstats.pl @@ -1322,7 +1322,7 @@ sub debug { if ( $level <= $DEBUGFORCED ) { my $debugstring = $_[0]; if ( !$DebugResetDone ) { - open( DEBUGFORCEDFILE, "debug.log" ); + open( DEBUGFORCEDFILE, "