X-Original-To: alpine-aports@lists.alpinelinux.org Received: from mail-lf0-f67.google.com (mail-lf0-f67.google.com [209.85.215.67]) by lists.alpinelinux.org (Postfix) with ESMTP id 45F2C5C46A0 for ; Mon, 3 Apr 2017 11:18:29 +0000 (GMT) Received: by mail-lf0-f67.google.com with SMTP id v2so12549198lfi.2 for ; Mon, 03 Apr 2017 04:18:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id; bh=IYvhKzavfSkDZBGC+c3DzPYafvCncNif6OjyBVYRjsc=; b=IPiYNo8deYCPmFSN6MT0NA3th2Ia+nbqDEDeKOuvKBjn5APZF4gbledf+O4gxQBWG5 lCidKyrVuIm9O1kXerLIA5S7hrBBJLLXrkeKNC0JsC6tqCeuTNuYxx2qyYJJNtEcPckr kfKi/8eMW8flRrLdkk9KlEjgpL05ZVSktpyxMUMLhixR1iTfF5fOyTR5UWb4p6l/f4c3 Uq+2X0Czm3hvNzS/R2MHA5Iz3nYpw2nt6QUNZcaRfU01HCHTHKQpRsEpt3+BNTpORVKR AK3sGu1laQTjqFsaOkyBlM7bSU5mtnyA7+gjTjBqxKmH1P6zT5mTnwkHoErqjmvGBtw7 0vgQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=IYvhKzavfSkDZBGC+c3DzPYafvCncNif6OjyBVYRjsc=; b=Xo45LxWFOdr3OFIuEboPrDwbMSPa5Jt8SAiWPNXVg24NOvsWNjkrdE5rmcdaxYdrQK IhIsT35ih738xSDBFx2ZXdehV895+DtMR+Bg50h7MeXQuoEHDGTboosBXpJRIudsG/Xb F2dJMXaG2FHQI5rc3ZUULBstE/GH4WEV3sOPZf08IFZkVKmiYSy+hAwM20Xd3IlEFIwg LXRr0yQNxTPYVscvRRP5tcOi6cId4Bqt5R+h29GnMtGbbWakKfIiiDEMj0riZrtXKZzr W/n0CePloNQHVtneggsSYnolaYP0l4f+VPOr5O5e5nsTPdF8H4DhSTtoBqAOkxzu2z8i XN7g== X-Gm-Message-State: AFeK/H2F+yyyXgaBKrcL9OBCOCPXnlckiVAcOzr/U2We8UqSiygKHSEKnQczf8mxWuwijA== X-Received: by 10.46.83.12 with SMTP id h12mr4705785ljb.84.1491218308546; Mon, 03 Apr 2017 04:18:28 -0700 (PDT) Received: from v3-5.util.wtbts.net ([83.145.235.199]) by smtp.gmail.com with ESMTPSA id r10sm2458278ljd.54.2017.04.03.04.18.27 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 03 Apr 2017 04:18:28 -0700 (PDT) From: Sergei Lukin To: alpine-aports@lists.alpinelinux.org Cc: Sergei Lukin Subject: [alpine-aports] [PATCH v3.5] community/munin: security upgrade to 2.0.33 - fixes #6952 Date: Mon, 3 Apr 2017 11:18:13 +0000 Message-Id: <20170403111813.20307-1-sergej.lukin@gmail.com> X-Mailer: git-send-email 2.11.1 X-Mailinglist: alpine-aports Precedence: list List-Id: Alpine Development List-Unsubscribe: List-Post: List-Help: List-Subscribe: CVE-2017-6188: Local file write vulnerability with CGI graphs enabled --- >From 2.0.25 till 2.0.33 munin had only bugfix/security releases https://fossies.org/linux/munin/ChangeLog community/munin/APKBUILD | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/community/munin/APKBUILD b/community/munin/APKBUILD index 4b0e09b879..68ad35c188 100644 --- a/community/munin/APKBUILD +++ b/community/munin/APKBUILD @@ -1,8 +1,9 @@ +# Contributor: Sergei Lukin # Contributor: Stefan Wagner # Maintainer: Stefan Wagner pkgname=munin -pkgver=2.0.25 -pkgrel=1 +pkgver=2.0.33 +pkgrel=0 pkgdesc="A distributed monitoring/graphing tool" url="http://munin-monitoring.org/" arch="noarch" @@ -21,6 +22,11 @@ source="http://downloads.munin-monitoring.org/munin/stable/$pkgver/$pkgname-$pkg $pkgname-node.initd $pkgname.logrotate $pkgname-node.logrotate" + +# secfixes: +# 2.0.33-r0: +# - CVE-2017-6188 + builddir="$srcdir/$pkgname-$pkgver" build() { @@ -59,19 +65,19 @@ node() { "$subpkgdir"/etc/init.d/$subpkgname } -md5sums="b418a667ce42665557329a7ac3bd1b93 munin-2.0.25.tar.gz +md5sums="0d413df786d8f0b9862ecd794e739edf munin-2.0.33.tar.gz 4fce4fdc2d1c9d5f3f1d9b77afad6027 munin-config.patch b474180bc97e870be7a80d1824fe1ceb munin.crond a1bcfd3b2f696b2e56eff81fae5049d8 munin-node.initd 90ec26232e622fe3c708b519543bd937 munin.logrotate f75f125ee68eb60347eb8d57c616eaa1 munin-node.logrotate" -sha256sums="6832bc5839d03639e4309178d9370697fc8a80a83d9b6653953f40161e949694 munin-2.0.25.tar.gz +sha256sums="1c6f994bf62d6dee89554efba0733b6f96d4130ba906162c32f77587088974c4 munin-2.0.33.tar.gz ceec0ba906ffaaa97621bf11c537cca594c96e8f9c86f2aa254b55ca57546b97 munin-config.patch f388434231dfd645be85654ac35a09315feac2f923e297f2aa8c11392e2ae4dc munin.crond 59269b33d23813969f7e9700cb3bb60c687fb502fcfed1ce23985e8b673d9da9 munin-node.initd 691b40eff51dafac2a5bef5a9c858f25dcb33e3633196ebfcc13353f203689d7 munin.logrotate 8d1d05ff21328f008acba361d2776651bd2cff44229f7ec570f03c525c9b6d46 munin-node.logrotate" -sha512sums="a29563cfef26b05237b3813b44b5582563f2f75477ae3c076540cfb4f3e83f89193bd05fd7eae208d9d1bae58aff75977cc2c5f4de81225f0cbb2ba2c41effa9 munin-2.0.25.tar.gz +sha512sums="aa6df8555dfd09585619376a4e9f20c2c6092e70076041ff3dcf987f6eab3caf2880ce32432f71f7b0493808d9e5dbc11e352aa636c39f22ad355409342feb70 munin-2.0.33.tar.gz a1c691a4c5d7d2619ea6d2605c71a23eeaa65f9cf533477524927bc3244371e271a4dadf24e71d6630f3ea8d6ad56f26bed83330a22ff0573e67c5cafe66cf17 munin-config.patch 194b742b2ff8312c4c42a8a77d1d9a80bc53ced2343248c36f4229b0b0d366e898487fb5e415f1f5ccea7210a7a86e25de5e45193dbb5d26d2d6a195f0597642 munin.crond 4b2a49a7bcb64eef65eee3b77ce86ca2cd8afef681922fdb830cb382f334c07356576f1151f4423f066ba8ac1c2d9a51cf9ff3d4dd4b18a5c1e2c95abcd9a940 munin-node.initd -- 2.11.1 --- Unsubscribe: alpine-aports+unsubscribe@lists.alpinelinux.org Help: alpine-aports+help@lists.alpinelinux.org ---