Summary: | <net-analyzer/munin-2.0.33: munin-cgi-graph: arbitrary file write | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Thomas Deutschmann (RETIRED) <whissi> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graaff, sysadmin |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/munin-monitoring/munin/issues/721 | ||
See Also: | https://bugs.debian.org/855705 | ||
Whiteboard: | C2 [glsa cve] | ||
Package list: | net-analyzer/munin-2.0.33, dev-perl/CGI-Fast-2.100.0 ppc |
Runtime testing required: | --- |
Description
Thomas Deutschmann (RETIRED)
2017-02-22 20:21:12 UTC
*** Bug 625558 has been marked as a duplicate of this bug. ***

Requires specific configuration (but the configuration is mentioned in wiki; https://wiki.gentoo.org/wiki/Munin#Full_CGI)

munin 2.0.33 is now in the tree. I propose to wait a few days for potential issues to shake out before going stable, since we are behind quite a bit (stable at 2.0.19 and last version in the tree was 2.0.25).

munin 2.0.33 works fine in my test setup and no issues reported so far: let's stable the new version.

Stable on amd64.

x86 stable

ppc stable

Vulnerable version has been removed.

(In reply to Hans de Graaff from comment #8)
> Vulnerable version has been removed.

Thank you all.

New GLSA Request Filed.

Gentoo Security Padawan
ChrisADR

This issue was resolved and addressed in GLSA 201710-05 at https://security.gentoo.org/glsa/201710-05 by GLSA coordinator Aaron Bauman (b-man).