[ubuntu/raring-proposed] munin 2.0.2-1ubuntu3 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Mon Nov 5 14:45:34 UTC 2012
munin (2.0.2-1ubuntu3) raring; urgency=low

  * SECURITY UPDATE: privilege escalation via root running plugins
    - debian/patches/CVE-2012-3512.patch: run each plugin in their own
      state directory in Makefile, Makefile.config,
      node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
      plugins/node.d/*.in,plugins/node.d.linux/*.in.
    - CVE-2012-3512
  * SECURITY UPDATE: remote code execution via bad arguments
    - debian/patches/CVE-2012-3513.patch: use MUNIN_CONFIG env variable
      instead of @ARGV to specify alternate config file in
      master/_bin/munin-cgi-graph.in, master/_bin/munin-cgi-html.in.
    - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
      MUNIN_PLUGSTATE being in the environment as these scripts also get
      run by a cron job in plugins/node.d.linux/apt_all.in,
      plugins/node.d.linux/apt.in.
    - CVE-2012-3513
  * debian/rules: actually apply quilt patches.
  * debian/Makefile.config: added new plugin state directory location.
  * debian/munin-node.{postinst,postrm}: Switch to new plugin state
    directory.
Date: Mon, 05 Nov 2012 09:28:03 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/raring/+source/munin/2.0.2-1ubuntu3
-------------- next part --------------
Format: 1.8
Date: Mon, 05 Nov 2012 09:28:03 -0500
Source: munin
Binary: munin-node munin-plugins-core munin-plugins-extra munin-plugins-java munin munin-common munin-async munin-doc
Architecture: source
Version: 2.0.2-1ubuntu3
Distribution: raring
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
munin - network-wide graphing framework (grapher/gatherer)
munin-async - network-wide graphing framework (async master/client)
munin-common - network-wide graphing framework (common)
munin-doc - network-wide graphing framework (documentation)
munin-node - network-wide graphing framework (node)
munin-plugins-core - network-wide graphing framework (plugins for node)
munin-plugins-extra - network-wide graphing framework (user contributed plugins for nod
munin-plugins-java - network-wide graphing framework (java plugins for node)
Original-Maintainer: Munin Debian Maintainers <packaging at munin-monitoring.org>