Accepted awstats 7.6+dfsg-1+deb9u2 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 23 Dec 2020 15:25:22 +0100
Source: awstats
Binary: awstats
Architecture: source
Version: 7.6+dfsg-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Sergey B Kirpichev <skirpichev@gmail.com>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
awstats - powerful and featureful web server log analyzer
Closes: 891469 977190
Changes:
 awstats (7.6+dfsg-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute
     pathname, even though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501. (Closes: #891469)
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
     (Closes: #977190)
Checksums-Sha1:
b44ab1b293214e075e313988b535c2b4ee636d54 1583 awstats_7.6+dfsg-1+deb9u2.dsc
b0e1b64ed8fff6b61fc211f60034dac8bc1e90a5 38536 awstats_7.6+dfsg-1+deb9u2.debian.tar.xz
5af36cbce339bd13e96f94b5c0e067d6e1af6237 10157 awstats_7.6+dfsg-1+deb9u2_all.buildinfo
Checksums-Sha256:
cc7687562b18154e8daa642affd99b9c057b6345d3ccf8c97026576d045a5198 1583 awstats_7.6+dfsg-1+deb9u2.dsc
b52f083995e34130ebd599cf2df0da557bdfb7f2f1042953c57b3bc1060c5b3d 38536 awstats_7.6+dfsg-1+deb9u2.debian.tar.xz
62e8618c071fe35e8b158525ac50aca50d1f94fb8ea7189f8e3e574e203b3769 10157 awstats_7.6+dfsg-1+deb9u2_all.buildinfo
Files:
050e121da3a5f7f2a767302d68741908 1583 web optional awstats_7.6+dfsg-1+deb9u2.dsc
cba415cd2a5e536af8bd172a14a1dc52 38536 web optional awstats_7.6+dfsg-1+deb9u2.debian.tar.xz
f1730717b4bf848a1927843fae17286a 10157 web optional awstats_7.6+dfsg-1+deb9u2_all.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----