[Pkg-monitoring-maintainers] ganglia update for Squeeze (CVE-2012-3448)
carnil at debian.org
Sat Jan 19 20:52:23 UTC 2013
Hi Daniel, hi all
Ok let's try to reassume (I feel like there is some confusion ;-))
Squeeze currently has ganglia 3.1.7-1. So the updated package needs to
be based on this. Usually introducing a new upstream version is not
accepted for security updates (an exception is e.g. mysql, where it
seems not other possible). So this should/will be 3.1.7-1+squeeze1 for
a Squeeze update.
Adjusting the Subject of this mail to avoid further confusions.
The source diff between 3.1.7 and 3.1.8 is somehow huge (4.8M, 110
files changed, 49330 insertions(+), 73094 deletions(-)).
The isolated fix is only in web/graph.php right?
So the upload for stable-security needs only to include the fix to
actually fix CVE-2012-3448, which seems the part discussed. You as
contributor upstream might give some more hints what is actually
needed apart the change in web/graph.php (if there is any).
p.s.: I'm not trying to hijack your work, but only would like to make
sure that the fix get's into Squeeze for CVE-2012-3448.
More information about the Pkg-monitoring-maintainers