aboutsummaryrefslogtreecommitdiffstats
path: root/main/awstats/CVE-2020-35176.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/awstats/CVE-2020-35176.patch')
-rw-r--r--main/awstats/CVE-2020-35176.patch30
1 files changed, 30 insertions, 0 deletions
diff --git a/main/awstats/CVE-2020-35176.patch b/main/awstats/CVE-2020-35176.patch
new file mode 100644
index 00000000000..3e707c35dc4
--- /dev/null
+++ b/main/awstats/CVE-2020-35176.patch
@@ -0,0 +1,30 @@
+From 0d4d4c05f8e73be8f71dd361dc55cbd52858b823 Mon Sep 17 00:00:00 2001
+From: Beuc <beuc@beuc.net>
+Date: Thu, 17 Dec 2020 18:14:43 +0100
+Subject: [PATCH] Only look for configuration in dedicated awstats directories
+
+Fixes #195/CVE-2020-35176
+---
+ wwwroot/cgi-bin/awstats.pl | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/wwwroot/cgi-bin/awstats.pl b/wwwroot/cgi-bin/awstats.pl
+index e709b7f5..8341c0a5 100755
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -1711,13 +1711,13 @@ sub Read_Config {
+ # Check config file in common possible directories :
+ # Windows : "$DIR" (same dir than awstats.pl)
+ # Standard, Mandrake and Debian package : "/etc/awstats"
+- # Other possible directories : "/usr/local/etc/awstats", "/etc"
++ # Other possible directories : "/usr/local/etc/awstats",
+ # FHS standard, Suse package : "/etc/opt/awstats"
+ my $configdir = shift;
+ my @PossibleConfigDir = (
+ "$DIR",
+ "/etc/awstats",
+- "/usr/local/etc/awstats", "/etc",
++ "/usr/local/etc/awstats",
+ "/etc/opt/awstats"
+ );
+