← Back to branch summary

~ubuntu-branches/ubuntu/raring/munin/raring

Viewing all changes in revision 52.

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2012-11-05 09:28:03 UTC
  • Revision ID: package-import@ubuntu.com-20121105092803-ergdmv0d10gajqq6
Tags: 2.0.2-1ubuntu3
* SECURITY UPDATE: privilege escalation via root running plugins
  - debian/patches/CVE-2012-3512.patch: run each plugin in their own
    state directory in Makefile, Makefile.config,
    node/lib/Munin/Node/{OS,Service}.pm, plugins/lib/Munin/Plugin.pm,
    plugins/node.d/*.in,plugins/node.d.linux/*.in.
  - CVE-2012-3512
* SECURITY UPDATE: remote code exection via bad arguments
  - debian/patches/CVE-2012-3513.patch: use MUNIN_CONFIG env variable
    instead of @ARGV to specify alternate config file in
    master/_bin/munin-cgi-graph.in, master/_bin/munin-cgi-html.in.
  - debian/patches/CVE-2012-3512-regression.patch: Don't rely on
    MUNIN_PLUGSTATE being in the environment as these scripts also get
    run by a cron job in plugins/node.d.linux/apt_all.in,
    plugins/node.d.linux/apt.in.
  - CVE-2012-3513
* debian/rules: actually apply quilt patches.
* debian/Makefile.config: added new plugin state directory location.
* debian/munin-node.{postinst,postrm}: Switch to new plugin state
  directory.

expand all expand all

Show diffs side-by-side

added added

removed removed

Lines of Context: