Your message dated Sat, 11 Jul 2026 10:32:47 +0000
with message-id <[email protected]>
and subject line Released in 13.6
has caused the Debian Bug report #1138164,
regarding trixie-pu: package awstats/7.9-1+deb13u2
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1138164: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1138164
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: trixie
X-Debbugs-Cc: [email protected]
Control: affects -1 + src:awstats
User: [email protected]
Usertags: pu
[ Reason ]
There is a bug in awstats which freezes process at some conditions based
on keyword detections.
Bug reported upstream https://github.com/eldy/AWStats/issues/250
[ Impact ]
Pacakges is unusable with IIS log file.
[ Tests ]
Tested in a virtualmachine with a Internet Information Server log file.
[ Risks ]
Very small, the patch add only tests if 3 variable aren't empty.
[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable
[ Changes ]
Added upstream patch to fix this issue
https://github.com/eldy/AWStats/pull/247/changes/1326f2baacecb7be2c8718a8ae99b47e2f9d74f9
Christian
diff -Nru awstats-7.9/debian/changelog awstats-7.9/debian/changelog
--- awstats-7.9/debian/changelog 2026-04-04 16:48:04.000000000 +0200
+++ awstats-7.9/debian/changelog 2026-05-22 11:10:34.000000000 +0200
@@ -1,3 +1,9 @@
+awstats (7.9-1+deb13u2) trixie; urgency=medium
+
+ * Add upstream patch to fix freeze on keyword stat (Closes: #1135203)
+
+ -- Christian Marillat <[email protected]> Fri, 22 May 2026 11:10:34 +0200
+
awstats (7.9-1+deb13u1) trixie; urgency=medium
* Non-maintainer upload by the LTS Security Team.
diff -Nru awstats-7.9/debian/patches/BTS-1135203.patch
awstats-7.9/debian/patches/BTS-1135203.patch
--- awstats-7.9/debian/patches/BTS-1135203.patch 1970-01-01
01:00:00.000000000 +0100
+++ awstats-7.9/debian/patches/BTS-1135203.patch 2026-05-22
11:10:34.000000000 +0200
@@ -0,0 +1,40 @@
+From 1326f2baacecb7be2c8718a8ae99b47e2f9d74f9 Mon Sep 17 00:00:00 2001
+From: Manuel Mausz <[email protected]>
+Date: Thu, 22 Feb 2024 10:41:00 +0100
+Subject: [PATCH] Sorting tree: Check if the key exists. Do not care about its
+ value.
+
+Fixes eldy/AWStats#246
+---
+ wwwroot/cgi-bin/awstats.pl | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/wwwroot/cgi-bin/awstats.pl
++++ b/wwwroot/cgi-bin/awstats.pl
+@@ -8366,7 +8366,7 @@ sub AddInTree {
+ }
+ return;
+ }
+- if ( $val{$keyval} ) { # Val is already in tree
++ if ( exists($val{$keyval}) ) { # Val is already in tree
+ if ($Debug) { debug( " val is already in tree", 4 ); }
+ $egal{$keytoadd} = $val{$keyval};
+ $val{$keyval} = $keytoadd;
+@@ -8413,7 +8413,7 @@ sub AddInTree {
+ while ( $nextval{$valcursor} && ( $nextval{$valcursor} < $keyval ) ) {
+ $valcursor = $nextval{$valcursor};
+ }
+- if ( $nextval{$valcursor} )
++ if ( exists($nextval{$valcursor}) )
+ { # keyval is between valcursor and nextval{valcursor}
+ $nextval{$keyval} = $nextval{$valcursor};
+ }
+@@ -8441,7 +8441,7 @@ sub Removelowerval {
+ if ($Debug) {
+ debug( " remove for lowerval=$lowerval: key=$keytoremove", 4
);
+ }
+- if ( $egal{$keytoremove} ) {
++ if ( exists($egal{$keytoremove}) ) {
+ $val{$lowerval} = $egal{$keytoremove};
+ delete $egal{$keytoremove};
+ }
diff -Nru awstats-7.9/debian/patches/series awstats-7.9/debian/patches/series
--- awstats-7.9/debian/patches/series 2026-04-04 11:05:33.000000000 +0200
+++ awstats-7.9/debian/patches/series 2026-05-22 11:10:34.000000000 +0200
@@ -11,3 +11,4 @@
2008_twitter.patch
2009_googlesearch.patch
CVE-2025-63261.patch
+BTS-1135203.patch
--- End Message ---
--- Begin Message ---
Version: 13.6
This update was released as part of 13.6.
--- End Message ---