Package: sponsorship-requests
Severity: important

Dear mentors,

I am looking for a sponsor for my package "awstats":

 * Package name    : awstats
   Version         : 7.8-2
   Upstream Author : Laurent Destailleur <e...@users.sourceforge.net>
 * URL             : http://awstats.sourceforge.net/
 * License         : Apache-2.0, GPL-1+, GPL-3+, CC-BY-3.0
 * Vcs             : https://salsa.debian.org/debian/awstats
   Section         : web

It builds those binary packages:

  awstats - powerful and featureful web server log analyzer

To access further information about this package, please visit the following URL:

  https://mentors.debian.net/package/awstats/

Alternatively, one can download the package with dget using this command:

  dget -x https://mentors.debian.net/debian/pool/main/a/awstats/awstats_7.8-2.dsc

Changes since the last upload:

 awstats (7.8-2) unstable; urgency=high
 .
   * QA upload.
   * CVE-2020-35176: in AWStats through 7.8, cgi-bin/awstats.pl?config=
     accepts a partial absolute pathname (omitting the initial /etc), even
     though it was intended to only read a file in the
     /etc/awstats/awstats.conf format. NOTE: this issue exists because of
     an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.
     Closes: #977190

This only adds an upstream patch to close a CVE

Regards,
Håvard