[ubuntu/lucid-proposed] munin 1.4.4-1ubuntu1.2 (Accepted)

[Jamie Strandboge]

munin (1.4.4-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: symlink vulnerability in qmailscan plugin
    - debian/patches/CVE-2012-2103.patch: remove the use of tempfiles in
      plugins/node.d/qmailscan.in.
    - CVE-2012-2103
  * SECURITY UPDATE: privilege escalation via root running plugins
    - debian/patches/CVE-2012-3512.patch: run each plugin in their own
      state directory in Makefile, Makefile.config,
      node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
      plugins/node.d/*.in,plugins/node.d.linux/*.in.
    - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
      MUNIN_PLUGSTATE being in the environment as these scripts also get
      run by a cron job in plugins/node.d.linux/apt_all.in,
      plugins/node.d.linux/apt.in.
    - CVE-2012-3512
  * debian/Makefile.config: added new plugin state directory location.
  * debian/munin-node.{postinst,postrm}: Remove old plugin state directory
    override, also remove new plugin state directory.

Date: 2012-10-17 15:20:33.865930+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/lucid/+source/munin/1.4.4-1ubuntu1.2
-------------- next part --------------
Sorry, changesfile not available.