[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)
Salvatore Bonaccorso
carnil at debian.org
Sat Jan 19 20:52:23 UTC 2013
Hi Daniel, hi all,

OK, let's try to summarize (I feel like there is some confusion ;-))

Squeeze currently has ganglia 3.1.7-1. So the updated package needs to
be based on this. Usually introducing a new upstream version is not
accepted for security updates (an exception is e.g. mysql, where it
seems not otherwise possible). So this should/will be 3.1.7-1+squeeze1 for
a Squeeze update.

Adjusting the Subject of this mail to avoid further confusion.

The source diff between 3.1.7 and 3.1.8 is somewhat huge (4.8M, 110
files changed, 49330 insertions(+), 73094 deletions(-)).

The isolated fix is only in web/graph.php, right?

So the upload for stable-security needs only to include the fix to
actually fix CVE-2012-3448, which seems to be the part discussed. You as
contributor upstream might give some more hints what is actually
needed apart from the change in web/graph.php (if there is any).

p.s.: I'm not trying to hijack your work, but only would like to make
sure that the fix gets into Squeeze for CVE-2012-3448.

Regards,
Salvatore