Originally uploaded to
debian sid in
Primary Archive for Debian GNU/Linux
Changelog
awstats (7.8-2) unstable; urgency=high
* QA upload.
* CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
accepts a partial absolute pathname (omitting the initial /etc), even
though it was intended to only read a file in the
/etc/awstats/awstats.conf format. NOTE: this issue exists because of
an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
Closes: #977190
-- HÃ¥vard Flaget Aasen <email address hidden> Tue, 02 Feb 2021 08:56:57 +0100