On 21. 02. 2017 15:01, Holger Levsen wrote:
> Did you check whether 2.0.6 is affected as well? 2.999.6?

No, I did not check 2.0.6 or 2.999.6. Parameter handling seems to have been rewritten in 2.999.6. Looking at the source, it does not seem to be vulnerable to this specific problem:

https://github.com/munin-monitoring/munin/blob/2.999.6/lib/Munin/Master/Graph.pm#L557

Best regards
Tomaž