[#247908] p9 EPERM cacti.git=1.2.10-alt1 cacti-spine.git=1.2.10-alt1

Girar Builder awaiter robot girar-builder at altlinux.org
Mon Mar 16 15:12:58 MSK 2020 

http://git.altlinux.org/tasks/247908/logs/events.1.1.log

2020-Mar-16 12:05:37 :: task #247908 for p9 started by shaba:
2020-Mar-16 12:05:37 :: message: security_update
#100 build 1.2.10-alt1 from /gears/c/cacti.git fetched at 2020-Mar-16 11:49:40
#200 build 1.2.10-alt1 from /gears/c/cacti-spine.git fetched at 2020-Mar-16 11:49:45
2020-Mar-16 12:05:53 :: created build repo
2020-Mar-16 12:05:54 :: [ppc64le] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [aarch64] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [x86_64] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:05:54 :: [i586] #100 cacti.git 1.2.10-alt1: build start
2020-Mar-16 12:07:35 :: [aarch64] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:35 :: [aarch64] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:37 :: [ppc64le] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:37 :: [ppc64le] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:46 :: [i586] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:46 :: [i586] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:07:50 :: [x86_64] #100 cacti.git 1.2.10-alt1: build OK
2020-Mar-16 12:07:50 :: [x86_64] #200 cacti-spine.git 1.2.10-alt1: build start
2020-Mar-16 12:08:25 :: [aarch64] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:31 :: [ppc64le] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:42 :: [i586] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:47 :: [x86_64] #200 cacti-spine.git 1.2.10-alt1: build OK
2020-Mar-16 12:08:57 :: #100: cacti.git 1.2.10-alt1: build check OK
2020-Mar-16 12:09:06 :: #200: cacti-spine.git 1.2.10-alt1: build check OK
2020-Mar-16 12:09:06 :: build check OK
2020-Mar-16 12:09:23 :: noarch check OK
2020-Mar-16 12:09:25 :: plan: src +2 -2 =17870, aarch64 +2 -2 =29792, i586 +2 -2 =32006, noarch +2 -2 =18634, ppc64le +2 -2 =30137, x86_64 +2 -2 =32311
2020-Mar-16 12:09:25 :: version check OK
#100 cacti 1.2.3-alt1 -> 1.2.10-alt1
 Sun Mar 15 2020 Alexey Shabalin <shaba at altlinux> 1.2.10-alt1
 - 1.2.10
 - Fixes:
   + CVE-2019-17357 When viewing graphs, some input variables are not properly checked (SQL injection possible)
   + CVE-2019-17358 When deserializating data, ensure basic sanitization has been performed
   + CVE-2019-16723 Security issue allows to view all graphs
   + CVE-2020-7106 Lack of escaping on some pages can lead to XSS exposure
   + CVE-2020-7237 Remote Code Execution due to input validation failure in Performance Boost Debug Log
   + CVE-2020-8813 When guest users have access to realtime graphs, remote code could be executed
#200 cacti-spine 1.2.3-alt1 -> 1.2.10-alt1
 Sun Mar 15 2020 Alexey Shabalin <shaba at altlinux> 1.2.10-alt1
 - 1.2.10
2020-Mar-16 12:09:25 :: cacti: mentions vulnerabilities: CVE-2019-17357 CVE-2019-17358 CVE-2019-16723 CVE-2020-7106 CVE-2020-7237 CVE-2020-8813
2020-Mar-16 12:10:19 :: generated apt indices
2020-Mar-16 12:10:19 :: created next repo
2020-Mar-16 12:10:47 :: dependencies check OK
2020-Mar-16 12:11:17 :: [x86_64 i586 aarch64 ppc64le] ELF symbols check OK
2020-Mar-16 12:11:40 :: [i586] #100 cacti: install check OK
2020-Mar-16 12:11:42 :: [x86_64] #100 cacti: install check OK
2020-Mar-16 12:11:56 :: [x86_64] #100 cacti-setup: install check OK
2020-Mar-16 12:11:56 :: [i586] #100 cacti-setup: install check OK
2020-Mar-16 12:12:09 :: [x86_64] #200 cacti-spine: install check OK
2020-Mar-16 12:12:10 :: [i586] #200 cacti-spine: install check OK
2020-Mar-16 12:12:26 :: [x86_64] #200 cacti-spine-debuginfo: install check OK
2020-Mar-16 12:12:30 :: [i586] #200 cacti-spine-debuginfo: install check OK
2020-Mar-16 12:12:48 :: [x86_64-i586] generated apt indices
2020-Mar-16 12:12:48 :: [x86_64-i586] created next repo
2020-Mar-16 12:12:56 :: [x86_64-i586] dependencies check OK
2020-Mar-16 12:12:56 :: gears inheritance check OK
2020-Mar-16 12:12:56 :: srpm inheritance check OK
girar-check-perms: access to @maint ALLOWED for shaba: member of approved group
check-subtask-perms: #100: cacti: allowed for shaba, needs an approval from a member of @tester group
girar-check-perms: access to @maint ALLOWED for shaba: member of approved group
check-subtask-perms: #200: cacti-spine: allowed for shaba, needs an approval from a member of @tester group
2020-Mar-16 12:12:58 :: acl check FAILED
2020-Mar-16 12:12:58 :: task #247908 for p9 EPERM

More information about the Sisyphus-incominger mailing list