Format: 1.8
Date: Tue, 02 Feb 2021 09:35:23 +0100
Source: awstats
Architecture: source
Version: 7.6+dfsg-2+deb10u1
Distribution: buster
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Håvard Flaget Aasen <haavard_aasen@yahoo.no>
Closes: 891469 977190
Changes:
 awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
 .
   * QA upload.
   * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute pathname,
     even though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of an
     incomplete fix for CVE-2017-1000501. Closes: #891469
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of an
     incomplete fix for CVE-2017-1000501 and CVE-2020-29600. Closes: #977190