[Pkg-monitoring-maintainers] Bug#683584: security update ready for squeeze (3.1.8)
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 19 11:48:27 UTC 2013
Hi Daniel
Thanks for your followup! Even better if you (or someone else of
pkg-monitoring team) can do the security upload:
On Sat, Jan 19, 2013 at 11:22:47AM +0100, Daniel Pocock wrote:
> Just following up on this
>
> - I've added pkg-monitoring-maintainers at lists.alioth.debian.org to the
> CC, as there are more people now involved with Ganglia packaging
>
> - if it is acceptable for the upload, I've also put the current
> Maintainer and VCS details in debian/control on the squeeze branch
IMHO yes (but I cannot speak for the security team; but the VCS seems
to still be on the old location so far?)
Can you furthermore please include the CVE identifier in the
changelog? (CVE-2012-3448)
> diff --git a/debian/changelog b/debian/changelog
> index a655fa6..0a0cb20 100644
> - --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +ganglia (3.1.8-2) UNRELEASED; urgency=low
> +
> + * Package now under pkg-monitoring maintainership, update control
> +
> + -- Daniel Pocock <daniel at pocock.com.au>
> +
> ganglia (3.1.8-1) unstable; urgency=low
>
> * Fix for path injection security bug (Closes: #683584)
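Review bot: The added 3.1.8-2 stanza records only a maintainership/control change, while the security fix stays described in the 3.1.8-1 context entry as "Fix for path injection security bug (Closes: #683584)" with no CVE identifier, so nothing in the changelog ties this upload to a CVE. I suggest naming the CVE next to the bug number in the entry that ships the fix, and considering whether the control update belongs in the same security upload at all. The new stanza also still reads "UNRELEASED; urgency=low" and its trailer line " -- Daniel Pocock <daniel at pocock.com.au>" carries no date, so the target distribution, urgency and timestamp need to be filled in before this can be built for upload.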
Note that in general only the fixes for the security upload should be
included. I know: you mentioned that 3.1.8 includes only the fixes for
#683584. But looking at the diff between the two tar.gz:
$ diff -urN ganglia-3.1.7 ganglia-3.1.8 | diffstat
[...]
110 files changed, 49330 insertions(+), 73094 deletions(-)
(part of it seems autogenerated stuff).
The git repo on the other side seems to be based upon 3.1.7-2 (uploaded
once to unstable) and then 3.1.8 (at least according to the
changelog[1]).
[1]: http://anonscm.debian.org/gitweb/?p=collab-maint/ganglia.git;a=blob;f=debian/changelog;hb=refs/heads/squeeze
I'm sorry if I miss something here.
Regards,
Salvatore