[gentoo-dev] net-www/awstats: security issues, revbump (and probably maintainer) needed

[gentoo-dev] net-www/awstats: security issues, revbump (and probably maintainer) needed

[Stefan Cornelius]

Hi Gang,

net-www/awstats is masked because it has open security issues (including
remote code execution), see bug #130487 for details. Version 6.6 was
made to fix it, but unfortunately this version is not working at all
(see bug #134296), so we are trapped between unusable and vulnerable
versions.

Jakub made a patch for version 6.5 to fix this vulnerabilities, but that
very patch still needs to be incorporated into an ebuild and commited as
revbump.

So, if anyone volunteers to step up and revbump 6.5 with patch (or fix
6.6 so that it's usable), please don't hesitate. It would be also cool
to have a new maintainer for this one, since ka0ttic seems to be
missing.


Thanks in advance,

Stefan 'DerCorny' Cornelius

-- 
gentoo-dev@gentoo.org mailing list

Re: [gentoo-dev] net-www/awstats: security issues, revbump (and probably maintainer) needed

[Stefan Cornelius]

CHTEKK does this one, thanks.


> Hi Gang,
> 
> net-www/awstats is masked because it has open security issues (including
> remote code execution), see bug #130487 for details. Version 6.6 was
> made to fix it, but unfortunately this version is not working at all
> (see bug #134296), so we are trapped between unusable and vulnerable
> versions.
> 
> Jakub made a patch for version 6.5 to fix this vulnerabilities, but that
> very patch still needs to be incorporated into an ebuild and commited as
> revbump.
> 
> So, if anyone volunteers to step up and revbump 6.5 with patch (or fix
> 6.6 so that it's usable), please don't hesitate. It would be also cool
> to have a new maintainer for this one, since ka0ttic seems to be
> missing.
> 
> 
> Thanks in advance,
> 
> Stefan 'DerCorny' Cornelius
> 

-- 
gentoo-dev@gentoo.org mailing list