[Pkg-monitoring-maintainers] Bug#683584: security update ready for squeeze (3.1.8)

Salvatore Bonaccorso carnil at debian.org
Sat Jan 19 11:48:27 UTC 2013

Hi Daniel

Thanks for you followup! Even better if you (or someone else of
pkg-monitoring team) can do the security upload:

On Sat, Jan 19, 2013 at 11:22:47AM +0100, Daniel Pocock wrote:
> Just following up on this
> - - I've added pkg-monitoring-maintainers at lists.alioth.debian.org to the
> CC, as there are more people now involved with Ganglia packaging
> - - if it is acceptable for the upload, I've also put the current
> Maintainer and VCS details in debian/control on the squeeze branch

IMHO yes (but cannot speak for the security team; but the VCS seem
still on old location so far?)

Can you furthermore please include the CVE identifier in the
changelog? (CVE-2012-3448)

> diff --git a/debian/changelog b/debian/changelog
> index a655fa6..0a0cb20 100644
> - --- a/debian/changelog
> +++ b/debian/changelog
> @@ -1,3 +1,9 @@
> +ganglia (3.1.8-2) UNRELEASED; urgency=low
> +
> +  * Package now under pkg-monitoring maintainership, update control
> +
> + -- Daniel Pocock <daniel at pocock.com.au>
> +
>  ganglia (3.1.8-1) unstable; urgency=low
>    * Fix for path injection security bug (Closes: #683584)

Note that in general only the fixes for the security upload should be
included. I know: you mentioned that 3.1.8 includes only the fixes for
#683584. But looking at the diff between the two tar.gz:

$ diff -urN ganglia-3.1.7 ganglia-3.1.8 | diffstat
110 files changed, 49330 insertions(+), 73094 deletions(-)

(part of it seems autogenerated stuff).

The git repo on other side seem to be based upon 3.1.7-2 (uploaded
once to unstable) and then 3.1.8 (according at least looking at the

 [1]: http://anonscm.debian.org/gitweb/?p=collab-maint/ganglia.git;a=blob;f=debian/changelog;hb=refs/heads/squeeze

I'm sorry if I miss something here.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-monitoring-maintainers/attachments/20130119/8f124d1e/attachment.pgp>

More information about the Pkg-monitoring-maintainers mailing list