Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted awstats 7.8-2 (source) into unstable
Date: Tue, 02 Feb 2021 13:03:25 +0000
Signed by: Adam Borowski <kilobyte@angband.pl>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 02 Feb 2021 08:56:57 +0100
Source: awstats
Architecture: source
Version: 7.8-2
Distribution: unstable
Urgency: high
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Håvard Flaget Aasen <haavard_aasen@yahoo.no>
Closes: 977190
Changes:
 awstats (7.8-2) unstable; urgency=high
 .
   * QA upload.
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
     Closes: #977190
Checksums-Sha1:
 c9c00e05a8cbf5bfbdf42700e71dfcd61d72e228 1834 awstats_7.8-2.dsc
 1da0b7b76f3c10d8c8d7098a32b7bbdc2372aa93 37172 awstats_7.8-2.debian.tar.xz
 f42d2c53d554c7364707ec1e4bc945adc09d3611 7850 awstats_7.8-2_source.buildinfo
Checksums-Sha256:
 1507cb576d9c5c84beefc1d90d593c91ad68e793dcb2246cba2872f385901da6 1834 awstats_7.8-2.dsc
 326eaeb02e3203ab5b7394b020ec01c12508ed7cbd5fd57af7c64966387d522d 37172 awstats_7.8-2.debian.tar.xz
 d90b8f2c44fac6470430ae85060165af7b2203615310b2276202fc11cb8fd5df 7850 awstats_7.8-2_source.buildinfo
Files:
 8393c5f90563c76aa90809fe49e88f3d 1834 web optional awstats_7.8-2.dsc
 55b3d37846b3375df720b0c24931413b 37172 web optional awstats_7.8-2.debian.tar.xz
 237aa0355407126c431f429fa6714bda 7850 web optional awstats_7.8-2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEkjZVexcMh/iCHArDweDZLphvfH4FAmAZSGQACgkQweDZLphv
fH5rfQ//WxHOW4gK5yzfhNGNuPsMm+Ns3NIjUYoiPKQykTsUqHw/Y8gdmwQ1oaYE
oFAZO8JXEaRtNHEgZ8Yx1re7AxbN4C9IjP0O/hXAHx++ZSO1nK2dV8b/13/Sc0py
lzL/muIq3bNdGZcqAGY4SP+IAvtqTYje0rP8xh9BNn9Vsa/vJZsBND3Ku/ohhf5U
rKk0MEAiqU0YHkxY8NFNV15HZnFdquimWw8Uyk6ACilHg/8nFjtnR+3Ehp+mWRpj
7oA/FwNpdHak2JrWGyXpST7/Rsg7dNnqrIJ3EYHqrdqqJ38FgBBCrl0JHr9p4IwP
4WQ+eQ5zpVE9/TasA0UQynXG+49qiTFyWMct+3L0u8bw6UIAgrGqWhzh13CO7MHx
aINwMBfYVhalSpQRpGx8F9Pb5v/6ar+S/BjzhOTCQWkfVYG1J1kKQbEJiX42YaVz
fgc5SWoiioYCUYq+VIKLs3cNNFEOMIHQhYiMlyTPDgpnIy+oyXcc1KF7S+shKync
5gfpK2+SaZFOE+fuJd7elLFEAd6JcrmwC7qphYxQeLuMhMCqkko0R4TcwkyJcSJt
OVN/LDYaGUmZFh4Tw1/7aNs+J20zpiIFcQtk6yA2a2cky06bU+aCBFFEv5DTMKUh
VuKePxPFyjxW8nr79EF+2d9A/WuAxf1ewGifWaor/x5fOqBupro=
=i/Mh
-----END PGP SIGNATURE-----

News for package awstats