On 03 avril 2026 08:55, Sylvain Beucler <[email protected]> wrote:
[...] > So a web panel user, when allowed to modify DNSLastUpdateCacheFile, > could execute code on the machine where awstats runs, where he > normally doesn't have shell access. > > FTR that's why we fixed this in LTS/ELTS. > (though admittedly this should have gone through unstable first) The urgency unimportant come from the security tracker : https://security-tracker.debian.org/tracker/CVE-2025-63261 Christian
