Sign me up Login

Details about package awstats

Name: awstats (PTS)
Uploader: Håvard Flaget Aasen <haavard_aasen@yahoo.no> (Debian QA page)
Description: awstats - powerful and featureful web server log analyzer

Package uploads

Upload #1

Information

Version: 7.6+dfsg-2+deb10u1
Uploaded: 2021-03-14 13:35
Source package: awstats_7.6+dfsg-2+deb10u1.dsc
Distribution: buster
Section: web
Priority: optional
Homepage: http://awstats.sourceforge.net/
Vcs-Git: git://anonscm.debian.org/collab-maint/awstats.git
Vcs-Browser: http://anonscm.debian.org/gitweb/?p=collab-maint/awstats.git;a=summary
Closes bugs: #891469 #977190

Changelog

 awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
 .
   * QA upload.
   * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute
     pathname, even though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501. Closes: #891469
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
     Closes: #977190

QA information

Comments

No comments