From c3e80bde3395e3eddc61311d4f719d7775cf93a5fd3b2f58bdd8c61e6fb92a4e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Aeneas=20Jai=C3=9Fle?=
Date: Thu, 2 Mar 2017 13:48:38 +0000
Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/server:monitoring/munin?expand=0&rev=34
---
CVE-2017-6188-fix-parameter-injection.patch | 29 ---------------------
1 file changed, 29 deletions(-)
delete mode 100644 CVE-2017-6188-fix-parameter-injection.patch
diff --git a/CVE-2017-6188-fix-parameter-injection.patch b/CVE-2017-6188-fix-parameter-injection.patch
deleted file mode 100644
index 84d76a8..0000000
--- a/CVE-2017-6188-fix-parameter-injection.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From: Tomaž Šolc
-Date: Tue, 21 Feb 2017 14:42:26 +0100
-Subject: CVE-2017-6188: munin-cgi-graph local file write vulnerability
-References: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855705
- boo#1026539
-Upstream: https://github.com/munin-monitoring/munin/issues/721
-
-Index: munin-2.0.25/master/_bin/munin-cgi-graph.in
-===================================================================
---- munin-2.0.25.orig/master/_bin/munin-cgi-graph.in
-+++ munin-2.0.25/master/_bin/munin-cgi-graph.in
-@@ -447,13 +447,13 @@ sub draw_graph {
- '--output-file', $filename );
-
- # Sets the correct size on a by_graph basis
-- push @params, "--size_x", CGI::param("size_x")
-+ push @params, "--size_x", scalar CGI::param("size_x")
- if (defined(CGI::param("size_x")));
-- push @params, "--size_y", CGI::param("size_y")
-+ push @params, "--size_y", scalar CGI::param("size_y")
- if (defined(CGI::param("size_y")));
-- push @params, "--upper_limit", CGI::param("upper_limit")
-+ push @params, "--upper_limit", scalar CGI::param("upper_limit")
- if (CGI::param("upper_limit"));
-- push @params, "--lower_limit", CGI::param("lower_limit")
-+ push @params, "--lower_limit", scalar CGI::param("lower_limit")
- if (CGI::param("lower_limit"));
-
- # Sometimes we want to set the IMG size, and not the canvas.