Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock
Please unblock package munin; it fixes CVE-2017-6188, a local file write
vulnerability also tracked as #855705.
The ntp plugin change is unrelated but trivial and small (and part of the new
upstream release carrying the CVE fix).
$ diffstat munin_2.0.31-1.diff
ChangeLog | 36 +++++++++++++++++++++++++++++++++++
RELEASE | 2 -
debian/changelog | 6 +++++
master/_bin/munin-cgi-graph.in | 22 +++++++++++++--------
plugins/node.d/ntp_kernel_err.in | 6 +----
plugins/node.d/ntp_kernel_pll_off.in | 6 +----
6 files changed, 61 insertions(+), 17 deletions(-)
unblock munin/2.0.31-1
The full debdiff is:
diff -Nru munin-2.0.30/ChangeLog munin-2.0.31/ChangeLog
--- munin-2.0.30/ChangeLog 2017-01-18 21:25:20.000000000 +0100
+++ munin-2.0.31/ChangeLog 2017-02-25 17:19:55.000000000 +0100
@@ -1,5 +1,41 @@
-*- text -*-
+munin-2.0.31, 2017-02-25
+
+-------
+Summary
+-------
+
+Bugfix release.
+
+Closes: GH:607
+
+------------------
+Detailed Changelog
+------------------
+
+Kenyon Ralph (1):
+ ntp_kernel plugins: convert ntpq output to seconds
+
+
+munin-2.0.30.1, 2017-02-25
+
+-------
+Summary
+-------
+
+Security release.
+
+Closes: GH:721, D:855705, CVE-2017-6188
+
+------------------
+Detailed Changelog
+------------------
+
+Steve Schnepp (1):
+ Fix wrong parameter expansion in CGI
+
+
munin-2.0.30, 2017-01-18
-------
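Review bot: the security fix is recorded only in the intermediate 2.0.30.1 entry (Closes: GH:721, D:855705, CVE-2017-6188), while the top 2.0.31 entry reads "Bugfix release" and closes only GH:607. Since 2.0.31 is the version that actually ships, consider adding a line such as "Includes the CVE-2017-6188 fix from 2.0.30.1" to its summary so that a reader who only looks at the newest entry still sees the CVE.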
diff -Nru munin-2.0.30/debian/changelog munin-2.0.31/debian/changelog
--- munin-2.0.30/debian/changelog 2017-01-21 12:58:51.000000000 +0100
+++ munin-2.0.31/debian/changelog 2017-02-25 23:24:27.000000000 +0100
@@ -1,3 +1,9 @@
+munin (2.0.31-1) unstable; urgency=medium
+
+ * New upstream release, fixing CVE-2017-6188. (Closes: #855705)
+
+ -- Holger Levsen <holger@debian.org> Sat, 25 Feb 2017 23:24:27 +0100
+
munin (2.0.30-1) unstable; urgency=medium
* New upstream release.
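Review bot: the entry mentions only the CVE fix, but this upload also changes what ntp_kernel_err and ntp_kernel_pll_off report on hosts where the ntpq branch is taken (the value is now divided by 1000), which is a visible change to graphed data. A second bullet such as `* ntp_kernel plugins: convert ntpq output to seconds.` would make that change discoverable from the Debian changelog rather than only from the upstream ChangeLog.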
diff -Nru munin-2.0.30/master/_bin/munin-cgi-graph.in munin-2.0.31/master/_bin/munin-cgi-graph.in
--- munin-2.0.30/master/_bin/munin-cgi-graph.in 2017-01-18 21:25:20.000000000 +0100
+++ munin-2.0.31/master/_bin/munin-cgi-graph.in 2017-02-25 17:19:55.000000000 +0100
@@ -447,14 +447,20 @@
'--output-file', $filename );
# Sets the correct size on a by_graph basis
- push @params, "--size_x", CGI::param("size_x")
- if (defined(CGI::param("size_x")));
- push @params, "--size_y", CGI::param("size_y")
- if (defined(CGI::param("size_y")));
- push @params, "--upper_limit", CGI::param("upper_limit")
- if (CGI::param("upper_limit"));
- push @params, "--lower_limit", CGI::param("lower_limit")
- if (CGI::param("lower_limit"));
+
+ # using a temporary variable to avoid expansion in list context and fix CVE-2017-6188
+ my $size_x = CGI::param("size_x");
+ push @params, "--size_x", $size_x if defined $size_x;
+
+ my $size_y = CGI::param("size_y");
+ push @params, "--size_y", $size_y if defined $size_y;
+
+ my $upper_limit = CGI::param("upper_limit");
+ push @params, "--upper_limit", $upper_limit if defined $upper_limit;
+
+ my $lower_limit = CGI::param("lower_limit");
+ push @params, "--lower_limit", $lower_limit if defined $lower_limit;
+
# Sometimes we want to set the IMG size, and not the canvas.
push @params, "--full_size_mode"
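Review bot: the fix is sound: assigning `CGI::param("size_x")` to a temporary evaluates it in scalar context and yields one value, whereas the old `push @params, "--size_x", CGI::param("size_x")` evaluated it in list context, so a request repeating a parameter could splice extra elements into @params right after the '--output-file' argument assembled above. Two follow-ups: first, the guard for upper_limit and lower_limit changed from truthiness (`if (CGI::param("upper_limit"))`) to `if defined $upper_limit`, so an empty `upper_limit=` now pushes `--upper_limit ""` and `upper_limit=0` pushes `--upper_limit 0`; confirm the graphing code tolerates both or keep the old test. Second, the values are still caller-controlled, so a numeric sanity check (for example `/^-?\d+(\.\d+)?$/`) before pushing would add defence in depth and document the intended input.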
diff -Nru munin-2.0.30/plugins/node.d/ntp_kernel_err.in munin-2.0.31/plugins/node.d/ntp_kernel_err.in
--- munin-2.0.30/plugins/node.d/ntp_kernel_err.in 2017-01-18 21:25:20.000000000 +0100
+++ munin-2.0.31/plugins/node.d/ntp_kernel_err.in 2017-02-25 17:19:55.000000000 +0100
@@ -53,9 +53,7 @@
if [ $(ntpq -c version | grep --extended-regexp --only-matching '[[:digit:]]\.[[:digit:]]\.[[:digit:]]' | tr -d '.') -ge 427 ]
then
- cmd=ntpq
+ ntpq -c kerninfo | awk '/^estimated error:/ { print $3 / 1000 }'
else
- cmd=ntpdc
+ ntpdc -c kerninfo | awk '/^estimated error:/ { print $3 }'
fi
-
-$cmd -c kerninfo | awk '/^estimated error:/ { print $3 }'
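Review bot: the ChangeLog summary says "convert ntpq output to seconds", yet the new ntpq branch divides by 1000 while the ntpdc branch keeps printing the raw field; that is only right if ntpq's kerninfo reports the estimated error in milliseconds and ntpdc's in seconds, so please confirm the units of both commands, because a wrong assumption here shifts the graph by a factor of 1000. Also, awk's default OFMT (%.6g) can print the divided value in exponent form (e.g. 1e-06); check that munin accepts that notation for plugin values or use printf with a fixed format.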
diff -Nru munin-2.0.30/plugins/node.d/ntp_kernel_pll_off.in munin-2.0.31/plugins/node.d/ntp_kernel_pll_off.in
--- munin-2.0.30/plugins/node.d/ntp_kernel_pll_off.in 2017-01-18 21:25:20.000000000 +0100
+++ munin-2.0.31/plugins/node.d/ntp_kernel_pll_off.in 2017-02-25 17:19:55.000000000 +0100
@@ -53,9 +53,7 @@
if [ $(ntpq -c version | grep --extended-regexp --only-matching '[[:digit:]]\.[[:digit:]]\.[[:digit:]]' | tr -d '.') -ge 427 ]
then
- cmd=ntpq
+ ntpq -c kerninfo | awk '/^pll offset:/ { print $3 / 1000 }'
else
- cmd=ntpdc
+ ntpdc -c kerninfo | awk '/^pll offset:/ { print $3 }'
fi
-
-$cmd -c kerninfo | awk '/^pll offset:/ { print $3 }'
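Review bot: as in ntp_kernel_err.in, the ntpq branch divides by 1000 while the ntpdc branch prints the raw value, so please confirm that ntpq prints the pll offset in milliseconds and ntpdc in seconds, since the ChangeLog entry states the result is seconds. Separately, the unchanged `ntpq -c version | grep ... | tr -d '.'` probe and the ntpq/ntpdc branching are now duplicated verbatim in both plugins; if these are touched again, factoring the version detection into one shared snippet would keep the two from drifting apart.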
diff -Nru munin-2.0.30/RELEASE munin-2.0.31/RELEASE
--- munin-2.0.30/RELEASE 2017-01-18 21:26:23.000000000 +0100
+++ munin-2.0.31/RELEASE 2017-02-25 20:58:15.000000000 +0100
@@ -1 +1 @@
-2.0.30
+2.0.31
--
cheers,
Holger