From ${URL} :

Thomas Pollet (thomas.pollet@gmail.com) reports:

Also, the rrdtool python module crashes on format string exploit

$ python -c "import rrdtool
rrdtool.graph('/tmp/out.png','-f','%n%n')"
Segmentation fault

this module is used by zenoss to create graphs (zenoss users are able to pass arguments to rrdtool).

@maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not.
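Added example, not part of the bug report and not the upstream fix: a check a front end could run on a user-supplied value before passing it to rrdtool.graph as the -f (--imginfo) argument. It assumes the only acceptable conversions are the three that rrdtool's documentation lists for that option (filename as %s, then xsize and ysize as %lu); the function and constant names are hypothetical.

```python
import re

# Assumption: the only conversions a front end should accept are the ones
# rrdtool's documentation lists for --imginfo, in this order:
# filename (%s), xsize (%lu), ysize (%lu).
EXPECTED = ["s", "lu", "lu"]

# One printf conversion: flags, width, precision, length modifier, type.
CONVERSION = re.compile(
    r"%([-+ #0]*)(\*|\d+)?(?:\.(\*|\d+))?(hh|h|ll|l|L|q|j|z|t)?(.)?", re.S)


def imginfo_conversions(fmt):
    """Return the conversions fmt would consume, or None if it is malformed."""
    found, pos = [], fmt.find("%")
    while pos != -1:
        m = CONVERSION.match(fmt, pos)
        flags, width, precision, length, conv = m.groups()
        if conv is None:
            return None  # dangling '%' at the end of the string
        if width == "*" or precision == "*":
            return None  # '*' would consume an extra int argument
        if conv == "%" and not (flags or width or precision or length):
            pass  # literal '%%', consumes no argument
        else:
            found.append((length or "") + conv)
        pos = fmt.find("%", m.end())
    return found


def imginfo_is_safe(fmt):
    """True if fmt consumes only a prefix of (filename, xsize, ysize)."""
    found = imginfo_conversions(fmt)
    return found is not None and found == EXPECTED[:len(found)]


if __name__ == "__main__":
    # Constructed sample values, including the string from the report above.
    for sample in ['<IMG SRC="/img/%s" WIDTH="%lu" HEIGHT="%lu">',
                   "%n%n", "%1$s", "%lu", "100%% done: %s"]:
        verdict = "accept" if imginfo_is_safe(sample) else "reject"
        print(repr(sample), "->", verdict)
```
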
Fix at [1], note that Red Hat is of the opinion [2] that this is not a security bug.

[1] https://github.com/oetiker/rrdtool-1.x/pull/397
[2] https://bugzilla.redhat.com/show_bug.cgi?id=969296#c6
Arch teams, please test and mark stable:
=net-analyzer/rrdtool-1.4.8
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86
ia64 stable
amd64 stable
x86 stable
alpha stable
Stable for HPPA.
arm stable
ppc stable
ppc64 stable
sparc stable. Maintainer(s), please cleanup. Security, please vote.
Arches and Maintainer(s), Thank you for your work. GLSA Vote: No
GLSA vote: no. Closing as [noglsa].