Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "awstats":

 * Package name    : awstats
   Version         : 7.6+dfsg-2+deb10u1
   Upstream Author : Laurent Destailleur <[email protected]>
 * URL             : http://awstats.sourceforge.net/
 * License         : Apache-2.0, GPL-3+, CC-BY-3.0, GPL-1+
 * Vcs             : http://anonscm.debian.org/gitweb/?p=collab-maint/awstats.git;a=summary
   Section         : web

It builds those binary packages:

  awstats - powerful and featureful web server log analyzer

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/awstats/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.6+dfsg-2+deb10u1.dsc

Changes since the last upload:

 awstats (7.6+dfsg-2+deb10u1) buster; urgency=medium
 .
   * QA upload.
   * CVE-2020-29600: cgi-bin/awstats.pl?config= accepts an absolute pathname,
     even though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of an
     incomplete fix for CVE-2017-1000501. Closes: #891469
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of an
     incomplete fix for CVE-2017-1000501 and CVE-2020-29600. Closes: #977190

This upload was approved with bug #982996. Afterwards I changed it from a NMU to QA upload.

Regards,
Håvard

