❦ 5 April 2013 16:50 CEST, Salvatore Bonaccorso <carnil@debian.org>:

> haproxy appeared on the 'radar' for the wheezy release due to
> CVE-2012-2942 (#674447) and CVE-2013-1912 (#704611) and it looks like
> haproxy was behind by some minor releases on current 1.4.23 for the
> stable series.
>
> Upstream also commented on this in [1].
>
> [1]: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=674447#53
>
> Could you give us (timeframe within the next 5 days if possible) about
> your opinion on the release state for haproxy?

Hi Salvatore!

I didn't notice that haproxy in Debian was lagging behind upstream until
your email. I am not using the 1.4.x branch and therefore cannot say if
1.4.15 is usable.

Here is what I propose:

- We release with 1.4.15 with your proposed patches (I think the release
  team will be OK) in #674447 and #704611.
- We triage the patches proposed by Willy and open the appropriate bugs as
  "important" to be able to push those patches in the next Wheezy update.
  From the list, I would say this could be about 10 patches.
- We package 1.4.23 as soon as Wheezy is released and propose it as a
  backport.

It also seems that the current maintainers do not have much time for
HAproxy. I can take care of maintainership but as I have said, I am not a
user of the 1.4.x branch but I can commit time for it nonetheless (and
provide packages for 1.5devX in experimental).

-- 
panic ("No CPUs found. System halted.\n");
        2.4.3 linux/arch/parisc/kernel/setup.c