
Bug#981622: RFS: awstats/7.8-2 [QA] [RC] -- powerful and featureful web server log analyzer



Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "awstats":

 * Package name    : awstats
   Version         : 7.8-2
   Upstream Author : Laurent Destailleur <eldy@users.sourceforge.net>
 * URL             : http://awstats.sourceforge.net/
 * License         : Apache-2.0, GPL-1+, GPL-3+, CC-BY-3.0
 * Vcs             : https://salsa.debian.org/debian/awstats
   Section         : web

It builds those binary packages:

  awstats - powerful and featureful web server log analyzer

To access further information about this package, please visit the
following URL:

  https://mentors.debian.net/package/awstats/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.8-2.dsc

Changes since the last upload:

 awstats (7.8-2) unstable; urgency=high
 .
   * QA upload.
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
     Closes: #977190


This only adds an upstream patch to close a CVE.

Regards,
Håvard
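
Added example, not part of the original message or of the upstream/Debian patch: a log check that flags `awstats.pl` requests whose `config=` value looks like a path rather than a site name, the pattern the changelog entry above describes. The allow-list regex, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Assumption: a legitimate config value is a bare site name (no path parts).
SAFE_CONFIG = re.compile(r"[A-Za-z0-9._-]+")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed access-log lines (documentation addresses, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2021:10:00:00 +0000] "GET /cgi-bin/awstats.pl?config=www.example.org HTTP/1.1" 200 5120',
    '192.0.2.44 - - [10/Jan/2021:10:00:05 +0000] "GET /cgi-bin/awstats.pl?config=%2Fplaceholder%2Fdir%2Fname HTTP/1.1" 200 812',
    '192.0.2.44 - - [10/Jan/2021:10:00:09 +0000] "GET /cgi-bin/awstats.pl?config=%252e%252e%252fdemo HTTP/1.1" 200 812',
    '192.0.2.10 - - [10/Jan/2021:10:00:12 +0000] "GET /index.html?config=/x HTTP/1.1" 200 100',
]

def suspicious_config(value):
    """Return a reason string if value looks like a path, else None."""
    decoded = value
    for _ in range(3):  # undo nested percent-encoding, bounded
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt
    if "/" in decoded or "\\" in decoded:
        return "path separator"
    if ".." in decoded:
        return "parent-directory sequence"
    if not SAFE_CONFIG.fullmatch(decoded):
        return "unexpected characters"
    return None

def scan(lines):
    """Return (line_number, config_value, reason) for flagged awstats.pl hits."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        if not url.path.endswith("/awstats.pl"):
            continue
        # parse_qs already decodes one level of percent-encoding
        for value in parse_qs(url.query, keep_blank_values=True).get("config", []):
            reason = suspicious_config(value)
            if reason:
                findings.append((n, value, reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```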

