Debian Security Advisory DSA 892-1 (awstats)

Summary
The remote host is missing an update to awstats announced via advisory DSA 892-1. Peter Vreugdenhil discovered that awstats, a featureful web server log analyser, passes user-supplied data to an eval() function, allowing remote attackers to execute arbitrary Perl commands. The old stable distribution (woody) is not affected by this problem.
Solution
For the stable distribution (sarge) this problem has been fixed in version 6.4-1sarge1. For the unstable distribution (sid) this problem has been fixed in version 6.4-1.1. We recommend that you upgrade your awstats package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20892-1