❦ 5 avril 2013 16:50 CEST, Salvatore Bonaccorso <carnil@debian.org> :
> haproxy appeared on the 'radar' for the wheezy release due to
> CVE-2012-2942 (#674447) and CVE-2013-1912 (#704611) and it looks like
> haproxy was behind by some minor releases on current 1.4.23 for the
> stable series.
>
> Upstream also commented on this in [1].
>
> [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674447#53
>
> Could you give us (timeframe within the next 5 days if possible) about
> your opinion on the release state for haproxy?
Hi Salvatore!
I didn't notice that haproxy in Debian was lagging behind upstream until
your email. I am not using the 1.4.x branch and therefore cannot say if
1.4.15 is usable.
Here is what I propose:
- We release with 1.4.15 with your proposed patches (I think the
release team will be OK) in #674447 and #704611.
- We triage the patchs proposed by Willy and open the appropriate bugs
as "important" to be able to push those patchs in next Wheezy
update. From the list, I would say this could be about 10 patches.
- We package 1.4.23 as soon as Wheezy is released and propose it as a
backport.
It also seems that the current maintainers do not have much time for
HAproxy. I can take care of maintainership but as I have said, I am not
a user of the 1.4.x branch but I can commit time for it nonetheless (and
provide packages for 1.5devX in experimental).
--
panic ("No CPUs found. System halted.\n");
2.4.3 linux/arch/parisc/kernel/setup.c
Attachment:
pgppfFBycZ4xh.pgp
Description: PGP signature