* New upstream release. Closes: bug#293702, #293668 (thanks to Nelson A. de Oliveira <naoliv@biolinux.df.ibilce.unesp.br>). + Includes upstream fix for security bug fixed in 6.2-1.1. + Includes upstream fix for most of security bug fixed in 6.2-1.1. * Acknowledge NMUs. Closes: bug#291064, #294488 (thanks to Martin Schulze <joey@infodrom.org>, Martin Pitt <mpitt@debian.org>, Ubuntu, Joey Hess <joeyh@debian.org>, Frank Lichtenheld <djpig@debian.org> and Steve Langasek <vorlon@debian.org>). * Include patch for last parts of security bug fixed in 6.2-1.1: 01_sanitize_more.patch. * Patch (02) to include snapshot of recent development: + Fix security hole that allowed a user to read log file content even when plugin rawlog was not enabled. + Fix a possible use of AWStats for a DoS attack. + configdir option was broken on windows servers. + DebugMessages is by default set to 0 for security reasons. + Minor fixes. * References: CAN-2005-0435 - read server logs via loadplugin and pluginmode CAN-2005-0436 - code injection via PluginMode CAN-2005-0437 - directory traversal via loadplugin CAN-2005-0438 - information leak via debug