Package: awstats Version: 7.6+dfsg-2+deb10u2 X-Debbugs-CC: [email protected] Severity: grave Tags: security
Hi, The following vulnerability was recently published for awstats. CVE-2025-63261[0]: | AWStats 8.0 is vulnerable to Command Injection via the open function Christian, let me know if you would like me to prepare an update for unstable. I note that you recently took over the package, but I can't quite work out where the canonical Git repo is now; the one at debian/awstats on Salsa is outdated. [0] https://security-tracker.debian.org/tracker/CVE-2025-63261 https://www.cve.org/CVERecord?id=CVE-2025-63261 Regards, -- ,''`. : :' : Chris Lamb `. `'` [email protected] / chris-lamb.co.uk `-
