[PKG-Openstack-devel] Wheezy update of rabbitmq-server?
Bálint Réczey
balint at balintreczey.hu
Fri Jan 6 01:07:07 UTC 2017
Hi,
2017-01-04 21:08 GMT+01:00 Bálint Réczey <balint at balintreczey.hu>:
> Hi Zigo,
>
> 2017-01-04 16:28 GMT+01:00 Thomas Goirand <zigo at debian.org>:
>> Hi,
>>
>> I don't think any of the maintainers of RabbitMQ cares about Wheezy
>> anymore, so it'd be very nice if someone from the LTS team was taking
>> care of it.
>
> OK, I'll take care of it. (Claimed in dla-needed.txt, too.)
It turned out Wheezy is not affected thus I removed the package from
the dla list.
During checking I have also prepared a fix for which I have attached to #849849.
Cheers,
Balint
>
> Cheers,
> Balint
>
>>
>> Cheers,
>>
>> Thomas Goirand (zigo)
>>
>> On 12/30/2016 11:16 PM, Ola Lundqvist wrote:
>>> Hi
>>>
>>> I forgot to mention that I do not have proof that this is a
>>> vulnerability also in the version in wheezy. The advisory mentions
>>> that 3.x branch is affected. It do not mention 2.x. However I do not
>>> see a reason why it should not be vulnerable. So I'll leave that to
>>> the one investigating how to fix this.
>>>
>>> Best regards
>>>
>>> // Ola
>>>
>>> On 30 December 2016 at 23:04, Ola Lundqvist <ola at inguza.com> wrote:
>>>> Hello dear maintainer(s),
>>>>
>>>> the Debian LTS team would like to fix the security issues which are
>>>> currently open in the Wheezy version of rabbitmq-server:
>>>> https://security-tracker.debian.org/tracker/CVE-2016-9877
>>>>
>>>> Would you like to take care of this yourself?
>>>>
>>>> If yes, please follow the workflow we have defined here:
>>>> https://wiki.debian.org/LTS/Development
>>>>
>>>> If that workflow is a burden to you, feel free to just prepare an
>>>> updated source package and send it to debian-lts at lists.debian.org
>>>> (via a debdiff, or with an URL pointing to the source package,
>>>> or even with a pointer to your packaging repository), and the members
>>>> of the LTS team will take care of the rest. Indicate clearly whether you
>>>> have tested the updated package or not.
>>>>
>>>> If you don't want to take care of this update, it's not a problem, we
>>>> will do our best with your package. Just let us know whether you would
>>>> like to review and/or test the updated package before it gets released.
>>>>
>>>> You can also opt-out from receiving future similar emails in your
>>>> answer and then the LTS Team will take care of rabbitmq-server updates
>>>> for the LTS releases.
>>>>
>>>> Thank you very much.
>>>>
>>>> Ola Lundqvist,
>>>> on behalf of the Debian LTS team.
>>>>
>>>> PS: A member of the LTS team might start working on this update at
>>>> any point in time. You can verify whether someone is registered
>>>> on this update in this file:
>>>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
>>>>
>>>
>>>
>>>
>>
More information about the Openstack-devel
mailing list