From: Girar Builder awaiter robot <girar-builder@altlinux.org>
To: Alexey Shabalin <shaba@altlinux.org>
Cc: sisyphus-incominger@lists.altlinux.org, girar-builder-p9@altlinux.org
Subject: [#247908] p9 EPERM cacti.git=1.2.10-alt1 cacti-spine.git=1.2.10-alt1
Date: Mon, 16 Mar 2020 12:12:58 +0000
Message-ID: <20200316121258.GA19033@gyle.altlinux.org> (raw)
http://git.altlinux.org/tasks/247908/logs/events.1.1.log
2020-Mar-16 12:05:37 :: task #247908 for p9 started by shaba:
2020-Mar-16 12:05:37 :: message: security_update
#100 build 1.2.10-alt1 from /gears/c/cacti.git fetched at 2020-Mar-16 11:49:40
#200 build 1.2.10-alt1 from /gears/c/cacti-spine.git fetched at 2020-Mar-16 11:49:45
2020-Mar-16 12:05:53 :: created build repo
2020-Mar-16 12:05:54 :: [ppc64le] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [aarch64] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [x86_64] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [i586] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:07:35 :: [aarch64] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:35 :: [aarch64] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:37 :: [ppc64le] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:37 :: [ppc64le] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:46 :: [i586] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:46 :: [i586] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:50 :: [x86_64] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:50 :: [x86_64] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:08:25 :: [aarch64] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:31 :: [ppc64le] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:42 :: [i586] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:47 :: [x86_64] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:57 :: #100: cacti.git 1.2.10-alt1: build check OK
2020-Mar-16 12:09:06 :: #200: cacti-spine.git 1.2.10-alt1: build check OK
2020-Mar-16 12:09:06 :: build check OK
2020-Mar-16 12:09:23 :: noarch check OK
2020-Mar-16 12:09:25 :: plan: src +2 -2 =17870, aarch64 +2 -2 =29792, i586 +2 -2 =32006, noarch +2 -2 =18634, ppc64le +2 -2 =30137, x86_64 +2 -2 =32311
2020-Mar-16 12:09:25 :: version check OK
#100 cacti 1.2.3-alt1 -> 1.2.10-alt1
Sun Mar 15 2020 Alexey Shabalin <shaba@altlinux> 1.2.10-alt1
- 1.2.10
- Fixes:
+ CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
+ CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
+ CVE-2019-16723 Security issue allows to view all graphs
+ CVE-2020-7106 Lack of escaping on some pages can lead to XSS exposure
+ CVE-2020-7237 Remote Code Execution due to input validation failure in Performance Boost Debug Log
+ CVE-2020-8813 When guest users have access to realtime graphs, remote code could be executed
#200 cacti-spine 1.2.3-alt1 -> 1.2.10-alt1
Sun Mar 15 2020 Alexey Shabalin <shaba@altlinux> 1.2.10-alt1
- 1.2.10
2020-Mar-16 12:09:25 :: cacti: mentions vulnerabilities: CVE-2019-17357 CVE-2019-17358 CVE-2019-16723 CVE-2020-7106 CVE-2020-7237 CVE-2020-8813
2020-Mar-16 12:10:19 :: generated apt indices
2020-Mar-16 12:10:19 :: created next repo
2020-Mar-16 12:10:47 :: dependencies check OK
2020-Mar-16 12:11:17 :: [x86_64 i586 aarch64 ppc64le] ELF symbols check OK
2020-Mar-16 12:11:40 :: [i586] #100 cacti: install check OK
2020-Mar-16 12:11:42 :: [x86_64] #100 cacti: install check OK
2020-Mar-16 12:11:56 :: [x86_64] #100 cacti-setup: install check OK
2020-Mar-16 12:11:56 :: [i586] #100 cacti-setup: install check OK
2020-Mar-16 12:12:09 :: [x86_64] #200 cacti-spine: install check OK
2020-Mar-16 12:12:10 :: [i586] #200 cacti-spine: install check OK
2020-Mar-16 12:12:26 :: [x86_64] #200 cacti-spine-debuginfo: install check OK
2020-Mar-16 12:12:30 :: [i586] #200 cacti-spine-debuginfo: install check OK
2020-Mar-16 12:12:48 :: [x86_64-i586] generated apt indices
2020-Mar-16 12:12:48 :: [x86_64-i586] created next repo
2020-Mar-16 12:12:56 :: [x86_64-i586] dependencies check OK
2020-Mar-16 12:12:56 :: gears inheritance check OK
2020-Mar-16 12:12:56 :: srpm inheritance check OK
girar-check-perms: access to @maint ALLOWED for shaba: member of approved group
check-subtask-perms: #100: cacti: allowed for shaba, needs an approval from a member of @tester group
girar-check-perms: access to @maint ALLOWED for shaba: member of approved group
check-subtask-perms: #200: cacti-spine: allowed for shaba, needs an approval from a member of @tester group
2020-Mar-16 12:12:58 :: acl check FAILED
2020-Mar-16 12:12:58 :: task #247908 for p9 EPERM
reply other threads:[~2020-03-16 12:12 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200316121258.GA19033@gyle.altlinux.org \
--to=girar-builder@altlinux.org \
--cc=girar-builder-p9@altlinux.org \
--cc=shaba@altlinux.org \
--cc=sisyphus-incominger@lists.altlinux.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
ALT Linux Girar Builder robot reports
This inbox may be cloned and mirrored by anyone:
git clone --mirror http://lore.altlinux.org/sisyphus-incominger/0 sisyphus-incominger/git/0.git
# If you have public-inbox 1.1+ installed, you may
# initialize and index your mirror using the following commands:
public-inbox-init -V2 sisyphus-incominger sisyphus-incominger/ http://lore.altlinux.org/sisyphus-incominger \
sisyphus-incominger@lists.altlinux.org sisyphus-incominger@lists.altlinux.ru sisyphus-incominger@lists.altlinux.com
public-inbox-index sisyphus-incominger
Example config snippet for mirrors.
Newsgroup available over NNTP:
nntp://lore.altlinux.org/org.altlinux.lists.sisyphus-incominger
AGPL code for this site: git clone https://public-inbox.org/public-inbox.git