security update spams log file

Bug #1669764 reported by Marc Deslauriers on 2017-03-03
256
This bug affects 1 person
Affects Status Importance Assigned to Milestone
munin (Debian)
Fix Released
Unknown
munin (Ubuntu)
Undecided
Unassigned
Trusty
Undecided
Marc Deslauriers
Xenial
Undecided
Marc Deslauriers
Yakkety
Undecided
Marc Deslauriers

Bug Description

The munin security update caused a regression that is spamming the log file with:

2017/03/02 06:53:56 [PERL WARNING] Use of uninitialized value $size_x in string eq at /usr/lib/munin/cgi/munin-cgi-graph line 453.

CVE References

Marc Deslauriers (mdeslaur) wrote :
no longer affects: munin
Changed in munin (Ubuntu Trusty):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in munin (Ubuntu Xenial):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in munin (Ubuntu Yakkety):
assignee: nobody → Marc Deslauriers (mdeslaur)
Changed in munin (Debian):
status: Unknown → Confirmed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.25-2ubuntu0.16.04.3

---------------
munin (2.0.25-2ubuntu0.16.04.3) xenial-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:19:15 -0500

Changed in munin (Ubuntu Xenial):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.19-3ubuntu0.3

---------------
munin (2.0.19-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - master/_bin/munin-cgi-graph.in: use looks_like_number.
    - 6373554b1cc8bee886947cee598e86d1d9ea1e4a

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:21:41 -0500

Changed in munin (Ubuntu Trusty):
status: New → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package munin - 2.0.25-2ubuntu0.16.10.3

---------------
munin (2.0.25-2ubuntu0.16.10.3) yakkety-security; urgency=medium

  * SECURITY REGRESSION: log spamming issue (LP: #1669764)
    - debian/patches/CVE-2017-6188-3.patch: use looks_like_number in
      master/_bin/munin-cgi-graph.in.

 -- Marc Deslauriers <email address hidden> Fri, 03 Mar 2017 07:14:08 -0500

Changed in munin (Ubuntu Yakkety):
status: New → Fix Released
Changed in munin (Debian):
status: Confirmed → Fix Released
Nish Aravamudan (nacc) wrote :

munin/2.0.33-1 is in zesty-proposed.

Changed in munin (Ubuntu):
status: New → Fix Committed
Changed in munin (Ubuntu):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.