Bug#981622: RFS: awstats/7.8-2 [QA] [RC] -- powerful and featureful web server log analyzer
Package: sponsorship-requests
Severity: important
Dear mentors,
I am looking for a sponsor for my package "awstats":
* Package name : awstats
Version : 7.8-2
Upstream Author : Laurent Destailleur <eldy@users.sourceforge.net>
* URL : http://awstats.sourceforge.net/
* License : Apache-2.0, GPL-1+, GPL-3+, CC-BY-3.0
* Vcs : https://salsa.debian.org/debian/awstats
Section : web
It builds those binary packages:
awstats - powerful and featureful web server log analyzer
To access further information about this package, please visit the
following URL:
https://mentors.debian.net/package/awstats/
Alternatively, one can download the package with dget using this command:
dget -x https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.8-2.dsc
Changes since the last upload:
awstats (7.8-2) unstable; urgency=high
.
* QA upload.
* CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
accepts a partial absolute pathname (omitting the initial /etc), even
though it was intended to only read a file in the
/etc/awstats/awstats.conf format. NOTE: this issue exists because of
an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
Closes: #977190
This only adds an upstream patch to close a CVE.
Regards,
Håvard
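
A log check for the CVE-2020-35176 behaviour described in the changelog above, as an added example that is not part of the original message or of AWStats: it flags requests to awstats.pl whose config= value is a path rather than a bare name. The allowed character set for a config name, the combined access-log format and the sample lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate config value is a bare site name such as
# "example.org" (letters, digits, dot, dash, underscore), never a path.
SAFE_CONFIG = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]*")
# Request field of a combined-format access log line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_configs(line):
    """Return the decoded config= values in one log line that look like paths."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/awstats.pl"):
        return []
    # parse_qs percent-decodes, so %2F-encoded separators are caught as well.
    values = parse_qs(url.query).get("config", [])
    return [v for v in values if not SAFE_CONFIG.fullmatch(v) or ".." in v]


def scan(lines):
    """Yield (line_number, client_ip, value) for every suspicious request."""
    for n, line in enumerate(lines, 1):
        for value in suspicious_configs(line):
            yield n, line.split(" ", 1)[0], value


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Feb/2021:10:00:00 +0000] '
    '"GET /cgi-bin/awstats.pl?config=example.org HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Feb/2021:10:00:05 +0000] '
    '"GET /cgi-bin/awstats.pl?config=/some/dir/name HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Feb/2021:10:00:09 +0000] '
    '"GET /cgi-bin/awstats.pl?output=main&config=%2Fsome%2Fdir%2Fname HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Feb/2021:10:01:00 +0000] '
    '"GET /index.html?config=/x HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for n, ip, value in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} requested config={value!r}")
```

Hits from before the fixed package was installed are the ones worth reviewing, since the changelog states the unpatched script accepted such values.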