[PKG-Openstack-devel] Wheezy update of rabbitmq-server?

Bálint Réczey balint at balintreczey.hu
Wed Jan 4 20:08:49 UTC 2017 

Hi Zigo,

2017-01-04 16:28 GMT+01:00 Thomas Goirand <zigo at debian.org>:
> Hi,
>
> I don't think any of the maintainers of RabbitMQ cares about Wheezy
> anymore, so it'd be very nice if someone from the LTS team was taking
> care of it.

OK, I'll take care of it. (Claimed in dla-needed.txt, too.)

Cheers,
Balint

>
> Cheers,
>
> Thomas Goirand (zigo)
>
> On 12/30/2016 11:16 PM, Ola Lundqvist wrote:
>> Hi
>>
>> I forgot to mention that I do not have proof that this is a
>> vulnerability also in the version in wheezy. The advisory mentions
>> that 3.x branch is affected. It do not mention 2.x. However I do not
>> see a reason why it should not be vulnerable. So I'll leave that to
>> the one investigating how to fix this.
>>
>> Best regards
>>
>> // Ola
>>
>> On 30 December 2016 at 23:04, Ola Lundqvist <ola at inguza.com> wrote:
>>> Hello dear maintainer(s),
>>>
>>> the Debian LTS team would like to fix the security issues which are
>>> currently open in the Wheezy version of rabbitmq-server:
>>> https://security-tracker.debian.org/tracker/CVE-2016-9877
>>>
>>> Would you like to take care of this yourself?
>>>
>>> If yes, please follow the workflow we have defined here:
>>> https://wiki.debian.org/LTS/Development
>>>
>>> If that workflow is a burden to you, feel free to just prepare an
>>> updated source package and send it to debian-lts at lists.debian.org
>>> (via a debdiff, or with an URL pointing to the source package,
>>> or even with a pointer to your packaging repository), and the members
>>> of the LTS team will take care of the rest. Indicate clearly whether you
>>> have tested the updated package or not.
>>>
>>> If you don't want to take care of this update, it's not a problem, we
>>> will do our best with your package. Just let us know whether you would
>>> like to review and/or test the updated package before it gets released.
>>>
>>> You can also opt-out from receiving future similar emails in your
>>> answer and then the LTS Team will take care of rabbitmq-server updates
>>> for the LTS releases.
>>>
>>> Thank you very much.
>>>
>>> Ola Lundqvist,
>>>   on behalf of the Debian LTS team.
>>>
>>> PS: A member of the LTS team might start working on this update at
>>> any point in time. You can verify whether someone is registered
>>> on this update in this file:
>>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup
>>>
>>
>>
>>
>

More information about the Openstack-devel mailing list