[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of rabbitmq-server?


I don't think any of the maintainers of RabbitMQ cares about Wheezy
anymore, so it'd be very nice if someone from the LTS team was taking
care of it.


Thomas Goirand (zigo)

On 12/30/2016 11:16 PM, Ola Lundqvist wrote:
> Hi
> I forgot to mention that I do not have proof that this is a
> vulnerability also in the version in wheezy. The advisory mentions
> that 3.x branch is affected. It do not mention 2.x. However I do not
> see a reason why it should not be vulnerable. So I'll leave that to
> the one investigating how to fix this.
> Best regards
> // Ola
> On 30 December 2016 at 23:04, Ola Lundqvist <ola@inguza.com> wrote:
>> Hello dear maintainer(s),
>> the Debian LTS team would like to fix the security issues which are
>> currently open in the Wheezy version of rabbitmq-server:
>> https://security-tracker.debian.org/tracker/CVE-2016-9877
>> Would you like to take care of this yourself?
>> If yes, please follow the workflow we have defined here:
>> https://wiki.debian.org/LTS/Development
>> If that workflow is a burden to you, feel free to just prepare an
>> updated source package and send it to debian-lts@lists.debian.org
>> (via a debdiff, or with an URL pointing to the source package,
>> or even with a pointer to your packaging repository), and the members
>> of the LTS team will take care of the rest. Indicate clearly whether you
>> have tested the updated package or not.
>> If you don't want to take care of this update, it's not a problem, we
>> will do our best with your package. Just let us know whether you would
>> like to review and/or test the updated package before it gets released.
>> You can also opt-out from receiving future similar emails in your
>> answer and then the LTS Team will take care of rabbitmq-server updates
>> for the LTS releases.
>> Thank you very much.
>> Ola Lundqvist,
>>   on behalf of the Debian LTS team.
>> PS: A member of the LTS team might start working on this update at
>> any point in time. You can verify whether someone is registered
>> on this update in this file:
>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

Reply to: