awstats 7.6+dfsg-2+deb10u1 source package in Debian
Changelog
awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
* QA upload.
* CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute
pathname, even though it was intended to only read a file in the
/etc/awstats/awstats.conf format. NOTE: this issue exists because of
an incomplete fix for CVE-2017-1000501. Closes: #891469
* CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
accepts a partial absolute pathname (omitting the initial /etc), even
though it was intended to only read a file in the
/etc/awstats/awstats.conf format. NOTE: this issue exists because of
an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
Closes: #977190
-- HÃ¥vard Flaget Aasen <email address hidden> Tue, 02 Feb 2021 09:35:23 +0100
Upload details
- Uploaded by:
- Debian QA Group
- Uploaded to:
- Buster
- Original maintainer:
- Debian QA Group
- Architectures:
- all
- Section:
- web
- Urgency:
- Medium Urgency
See full publishing history Publishing
| Series | Published | Component | Section | |
|---|---|---|---|---|
| Buster | release | main | web |
Builds
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| awstats_7.6+dfsg-2+deb10u1.dsc | 1.9 KiB | 2c618b668ba56aa38210f4e2dc5200468036d90750d1dcd17eef2c3885ec3780 |
| awstats_7.6+dfsg.orig.tar.gz | 2.8 MiB | ac19025ba103e65a1799f947d26562c0dd116d76414b461ad564fa36936a634e |
| awstats_7.6+dfsg-2+deb10u1.debian.tar.xz | 38.1 KiB | 04aeb3dbba6df804fc03b4d1163a56de53fff73567e20091906bcf040c604e69 |
No changes file available.
