This bug was fixed in the package munin - 2.0.9-1ubuntu1

---------------
munin (2.0.9-1ubuntu1) raring; urgency=low

  * Merge from Debian unstable (LP: #1089218). Remaining changes:
    - d/munin-node.upstart,munin.upstart: Add upstart configurations.
    - debian/patches/fix_ran_out_of_children.patch:
      + Fix occasional "Ran out of children: No child processes" error messages
        (LP: #1009357).

munin (2.0.9-1) experimental; urgency=low

  * New upstream bugfix release(s).
    - Drop all debian/patches/ (except 100-DejaVu-Fonts-Path.patch) as they
      were included in 2.0.7-2.0.9.
  * Remove libcgi-fast-perl from munin's depends.
  * Add libapache2-mod-fcgid to munin's suggests.
  * Support libapache2-mod-fcgid in /etc/munin/apache.conf out of the box
    (Closes: #695228), remove configuration for libapache2-mod-fastcgi as it's
    non-free.
  * debian/rules: set MUNIN_VERSION correctly during build. (Closes: #694527)

munin (2.0.6-2) UNRELEASED; urgency=low

  * munin-node.postinst: delete /var/lib/munin(-node)/plugin-state recursively
    on purge. The plugin-state is outdated after a few minutes anyway.
    (Closes: #687715)
  * Fix "/etc/apache2/conf.d/munin removed on upgrade":
    - debian/munin.postinst: create symlink for new installs and also for
      upgrades from versions where it was still removed (up to 1.4.6-3) but
      not re-created (from 1.4.6-1 onwards). Thanks to Gregor Herrman for the
      patch and intrigeri for reviewing. (Closes: #677943)
  * Add documentation for munin-async, thanks to Daniel Black.
    (Closes: #681803)
  * Patch node/munin-node.conf.in to allow incoming IPv6 from localhost,
    mostly to document that IPv6 addresses are allowed as well. Thanks to
    Daniel Black. (Closes: #676798)
    This is debian/patches/238-munin-node-ipv6allow.patch
  * HTMLConfig.pm: cherry-pick 789c59e from 2.0.7 to avoid (using the default
    configuration) /var/log/munin/munin-html.log being flooded with 106 lines
    of noisy warnings (out of 112 lines in total) every 5min. (Closes: #689291)
    This is debian/patches/239-fix-too-many-warnings-in-munin-graph.log.patch
  * munin-doc: Break and replace munin-common << 2. (Closes: #694355)
  * selinux_avcstat plugin: Do not use the "read without variable" bashism,
    thanks to intrigeri for the patch. (Closes: #690711)
    This is 240-Do-not-use-the-read-without-variable-bashism.patch
  * Have master support multi-homed nodes that only listen on IPv4.
    (Closes: #678662) This is upstream commit a18229c5, thanks to Michael
    Renner for the testing and the patch!
    This is debian/patches/241-master-connect-to-AAAA-and-A-address.patch
  * Fix wrong assumption about Net::SSLeay::CTX_set_options return value.
    Thanks to intrigeri for this patch. (Closes: #675377)
    This is 242-Fix-wrong-assumption-about-Net-SSLeay-CTX_set_option.patch
  * http_loadtime plugin: fix stderr redirection (which broke the plugin
    completely) (Closes: #691448)
    This is 243-http_loadtime-fixed-stderr-redirection-with-time.patch
  * apt_all plugin: the apt_all plugin has its state updated in cron. There
    the ENV var MUNIN_PLUGSTATE doesn't exist, so we need to set a default.
    (Closes: #687495). This has been in included in 2.0.7 and is
    debian/patches/244-fix-apt_all-plugin-statedir-for-cron.patch
  * munin-async.init: Run munin-async after munin-node has been started.
    (Closes: #691390) - Thanks to Daniel Black for this and the next two
    fixes:
  * munin-async.postinst: fix /var/lib/munin-async ownership (once on upgrades
    from previous versions) and for new installs. (Closes: #691309)
  * munin-async.logrotate: correct location of munin-async logfiles.
    (Closes: #691758)
  * Use dh --with quilt so that the patches are actually applied.
    (Closes: #691327)
  * Drop 101-suppress-occasional-unknown-states-to-avoid-alerts.patch which
    is included since munin 1.4.4.

munin (2.0.6-1) unstable; urgency=high

  * New upstream release 2.0.6, switching back to cron graphing (as it better
    for small setups) and besides that only containing bugfixes, but many of
    them. See the upstream ChangeLog for the full list.
    - munin-node: more secure state file handling, introducing a new plugin
      state directory root, owned by uid 0. Then each plugin runs in its own
      UID plugin state directory, owned by the said UID. (Closes: #684075),
      (Closes: #679897), closes CVE-2012-3512.
      So all properly written plugins will use
      /var/lib/munin-node/plugin-state/$uid/$some_file now - please report
      plugins that are still using /var/lib/munin/plugin-state/ - as those
      might pose a security risk!
    - munin-cgi-graph: ignore @ARGV to fix CVE-2012-3513 (Closes: #684076),
      thanks to Helmut Grohne <email address hidden>
    - munin-cron: call munin-graph with --cron argument (Closes: #685343)
    - Master/Node.pm: fix _node_read_fast() to accept all valid returns
      (Closes: #686089) and _do_connect() to not use an uninitialized
      variable. (Closes: #686090)
    - munin-async: make spoolread less restrictive about (valid) plugin names
      (Closes: #686093)
  * Update Location and Scriptalias in shipped apache.conf to fix a regression
    introduced in fixing #682869.
  * munin-node.postinst: don't create /var/lib/munin/plugin-state anymore as
    munin-node now uses /var/lib/munin-nodes/plugin-state and subdirs and
    handles creation by itself.
  * debian/rules: workaround bug in upstream Makefile targets to move
    /var/lib/async from munin-node package to munin-async.
  * debian/control:
    - make munin-async depend on munin-node for now.
    - update Vcs: headers to point to an uptodate repository.
  * Remove build/resources/apache-cgi.conf from munin.docs as it's outdated.
  * update munin.NEWS to reflect that everybody using cgi graphing needs to
    update the configuration files and that cron graphing is the default
    again. (cgi graphing was the default from pre-2.0 until 2.0.5)

munin (2.0.5-1) unstable; urgency=low

  [ Holger Levsen ]
  * New upstream versions, fixing lots of bugs (including a regression in
    munin-cgi-graph preventing it from caching at all (Closes: #683064))
    and adding documentation and manpages.  See upstream ChangeLog for the
    full list.
  * Remove workaround  concerning java-plugins (667493) in debian/rules
    as upstream has fixed this in e7e29c4 in 2.0.3.
  * munin-async.init:
    - run munin-async as munin-async user (Closes: #684171)
    - use stop function from munin-node.init to make it actually stop it
      (Closes: #684170). In the future we should replace both initscripts with
      saner rewrites.

  [ Helmut Grohne ]
  * Move cgi scripts to /usr/lib/munin/cgi. (Closes: #682869)
 -- Jeremy Bicha <email address hidden>   Thu, 13 Dec 2012 23:44:14 +0100