[Pkg-monitoring-maintainers] Bug#702775: ganglia: limiting security support

Salvatore Bonaccorso carnil at debian.org
Mon May 27 16:41:30 UTC 2013


Hi Daniel, hi Stuart

On Mon, Mar 11, 2013 at 11:34:49AM +0100, Raphael Geissert wrote:
> Package: ganglia
> Version: 3.3.8-1
> Severity: grave
> Tags: security
> Control: clone -1 -2
> Control: reassign -2 src:ganglia-web 3.5.2-1
> X-Debbugs-cc: team at security.debian.org
> 
> Hi again,
> 
> Given the recent issues in Ganglia's web frontend and a review of some
> portions of the code we, as in the security team, have decided to
> limit ganglia's security support to installations behind a trusted
> HTTP zone.
> Any vulnerability that is only relevant when exposing ganglia's web
> frontend to a non-secure zone will therefore be treated as a non-issue
> by the security team. They could still be fixed via a SPU, however.
> 
> As such, please add a README.Debian.security file briefly mentioning
> the limited security support, effective for the version in wheezy and
> newer.

Looks like the changes from 3.3.8-1+nmu1 got lost with the recent upload.
Could you please re-add the debian/README.Debian.security file
describing the limited support?

See #702775.

Regards,
Salvatore


