On Feb 23, 2017 11:52 AM, "Holger Levsen" wrote:
tomorrow, or at least until upstream (cc:ed) has confirmed this is the
right patch?
The patch is indeed quite minimal, and address the issue. It therefore
looks very ok to me.
Note that I did not plan to take it as is, but use the 2.999.x code
Hi Holger,
On Thu, Feb 23, 2017 at 10:52:10AM +, Holger Levsen wrote:
> Hi Salvatore,
>
> On Thu, Feb 23, 2017 at 09:44:33AM +0100, Salvatore Bonaccorso wrote:
> > I prepared an update for jessie-security. could you verify that the
> > packages at https://people.debian.org/~carnil/tmp/munin/
Hi Salvatore,
On Thu, Feb 23, 2017 at 09:44:33AM +0100, Salvatore Bonaccorso wrote:
> I prepared an update for jessie-security. could you verify that the
> packages at https://people.debian.org/~carnil/tmp/munin/ are still
> functioning as expected?
please wait until releasing this until 2.0.31 h
On 23. 02. 2017 09:44, Salvatore Bonaccorso wrote:
> I prepared an update for jessie-security. could you verify that the
> packages at https://people.debian.org/~carnil/tmp/munin/ are still
> functioning as expected?
Thanks for the update! I installed your packages and they work as
expected with m
Hi
I prepared an update for jessie-security. could you verify that the
packages at https://people.debian.org/~carnil/tmp/munin/ are still
functioning as expected?
Regards,
Salvatore
On 21. 02. 2017 15:01, Holger Levsen wrote:
> Did you check whether 2.0.6 is affected as well? 2.999.6?
No, I did not check 2.0.6 or 2.999.6.
Parameter handling seems to have been rewritten in 2.999.6. Looking at
the source, it does not seem to be vulnerable to this specific problem:
https://git
control: forwarded -1 https://github.com/munin-monitoring/munin/issues/721
control: tags -1 + upstream
Hi Tomaž,
On Tue, Feb 21, 2017 at 02:42:26PM +0100, Tomaž Šolc wrote:
> Munin package in Jessie has a local file write vulnerability when CGI graphs
> are
> enabled. Setting multiple "upper_lim
7 matches
Mail list logo
