--- /dev/null
+From: Julien Viard de Galbert <julien@vdg.blogsite.org>
+Date: Tue, 23 Nov 2010 23:29:54 +0100
+Subject: Solve a symlink vulnerability
+
+In the same spirit as previous 08_symlink_vulnerability patch for #359745
+The .htaccess file creation did not test the symlink.
+
+Index: webalizer/output.c
+===================================================================
+--- webalizer.orig/output.c 2010-11-24 14:34:36.000000000 +0100
++++ webalizer/output.c 2010-11-24 14:36:56.000000000 +0100
+@@ -2408,6 +2408,21 @@
+ /* .htaccess file needed? */
+ if (htaccess)
+ {
++ struct stat out_stat;
++
++ /* stat the file */
++ if ( !(lstat(".htaccess", &out_stat)) )
++ {
++ /* check if the file a symlink */
++ if ( S_ISLNK(out_stat.st_mode) )
++ {
++ if (verbose)
++ fprintf(stderr,"%s %s (symlink)\n",msg_no_open,".htaccess");
++ return NULL;
++ }
++ }
++
++ /* open the file... */
+ if ((out_fp=fopen(".htaccess","wx")) != NULL)
+ {
+ fprintf(out_fp,"DirectoryIndex %s\n",index_fname);