Your message dated Tue, 19 Mar 2013 22:18:17 +0000
with message-id <[email protected]>
and subject line Bug#702775: fixed in ganglia 3.3.8-1+nmu1
has caused the Debian Bug report #702775,
regarding ganglia: limiting security support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
702775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702775
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ganglia
Version: 3.3.8-1
Severity: grave
Tags: security
Control: clone -1 -2
Control: reassign -2 src:ganglia-web 3.5.2-1
X-Debbugs-cc: [email protected]
Hi again,
Given the recent issues in Ganglia's web frontend and a review of some
portions of the code we, as in the security team, have decided to
limit ganglia's security support to installations behind a trusted
HTTP zone.
Any vulnerability that is only relevant when exposing ganglia's web
frontend to a non-secure zone will therefore be treated as a non-issue
by the security team. They could still be fixed via a SPU, however.
As such, please add a README.Debian.security file briefly mentioning
the limited security support, effective for the version in wheezy and
newer.
Thanks in advance.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: ganglia
Source-Version: 3.3.8-1+nmu1
We believe that the bug you reported is fixed in the latest version of
ganglia, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated ganglia package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Sun, 17 Mar 2013 18:52:40 +0000
Source: ganglia
Binary: ganglia-monitor ganglia-monitor-python gmetad libganglia1
libganglia1-dev ganglia-webfrontend
Architecture: source all amd64
Version: 3.3.8-1+nmu1
Distribution: unstable
Urgency: medium
Maintainer: Stuart Teasdale <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description:
ganglia-monitor - cluster monitoring toolkit - node daemon
ganglia-monitor-python - cluster monitoring toolkit - python modules
ganglia-webfrontend - cluster monitoring toolkit - web front-end
gmetad - cluster monitoring toolkit - Ganglia Meta-Daemon
libganglia1 - cluster monitoring toolkit - shared libraries
libganglia1-dev - cluster monitoring toolkit - development libraries
Closes: 702775
Changes:
ganglia (3.3.8-1+nmu1) unstable; urgency=medium
.
* Non-maintainer upload by the Security Team.
* Add a README.Debian.security file discussing limited security support for
this package (closes: #702775).
Checksums-Sha1:
2cd1fe01ec91bd55fc3b199f8c75a86666bc5f98 3039 ganglia_3.3.8-1+nmu1.dsc
2b5a4ce9714a9cd8fa755cf44c40610176b35339 21108
ganglia_3.3.8-1+nmu1.debian.tar.gz
b2006ef3e1c8e0226e2a969d1584b57d5afa6334 57560
ganglia-monitor-python_3.3.8-1+nmu1_all.deb
6ebf3cb475cfbb56335967027e2bc6cac70fbc1a 662978
ganglia-webfrontend_3.3.8-1+nmu1_all.deb
9a7df6b3a62bf5c77aff7af9870d68f53973f601 81706
ganglia-monitor_3.3.8-1+nmu1_amd64.deb
ab4375cbe9839ab2e81de875aa32051d2be98c45 37186 gmetad_3.3.8-1+nmu1_amd64.deb
2621e839a129ad7ec679aa9ecfd97025fb95545d 140108
libganglia1_3.3.8-1+nmu1_amd64.deb
8420d38b0da27048f0afab98f972afc0f503f063 48194
libganglia1-dev_3.3.8-1+nmu1_amd64.deb
Checksums-Sha256:
e3885e51fdc6d31b45442fc9eb0df6ca17711e04c3412df909ed5ae0f54cd43b 3039
ganglia_3.3.8-1+nmu1.dsc
89a4b9a346f6eaff8569d14f4871bbcdbf2bc49bdcf79a7edd78773cf9296b8a 21108
ganglia_3.3.8-1+nmu1.debian.tar.gz
0e279ee20971eccc9a06d03cbfccea2e6e4ba8c6e782c4fdce3498656eaeb488 57560
ganglia-monitor-python_3.3.8-1+nmu1_all.deb
32371be92ff385370e591732d21e1c2ae6c4ad7797d2fd8739a5fe74add1d967 662978
ganglia-webfrontend_3.3.8-1+nmu1_all.deb
393ae1790acd203bd9f0d9e4a1d5ee5aae91e828176cf50a9a7a1d54ef203c06 81706
ganglia-monitor_3.3.8-1+nmu1_amd64.deb
7dbbb1571c210f37bd84c32b3458df66b13e437668e38c1264f907a241d6a5c9 37186
gmetad_3.3.8-1+nmu1_amd64.deb
a3c8f69f3ccf1a8a1c2ca6c9ba1dc65f3d1494cb0dc5888688b56a10e67cb2f1 140108
libganglia1_3.3.8-1+nmu1_amd64.deb
3b812a5b6e816c516ffbc5b483cef510b388580905e371d39477fdefd3bc3fd1 48194
libganglia1-dev_3.3.8-1+nmu1_amd64.deb
Files:
11fd4850259044846f9a81312b701917 3039 net optional ganglia_3.3.8-1+nmu1.dsc
862ea6ab6c743d02652e1d96465e98f2 21108 net optional
ganglia_3.3.8-1+nmu1.debian.tar.gz
dd5a50a4bd8ae614e0080ca2dca6c6a8 57560 net optional
ganglia-monitor-python_3.3.8-1+nmu1_all.deb
3b1cdff688c6b37f1559ec3547d98fae 662978 net optional
ganglia-webfrontend_3.3.8-1+nmu1_all.deb
10f0e05ef2101d7d6aa80e1f721716c5 81706 net optional
ganglia-monitor_3.3.8-1+nmu1_amd64.deb
244b581b763070a8d9beef60d5a52c78 37186 net optional
gmetad_3.3.8-1+nmu1_amd64.deb
56b8cf123f138f57f41ca44415f01b01 140108 libs optional
libganglia1_3.3.8-1+nmu1_amd64.deb
3092ffb39fbcdfece037f012efcc7db3 48194 libdevel optional
libganglia1-dev_3.3.8-1+nmu1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQQcBAEBCAAGBQJRRjbDAAoJELjWss0C1vRzx5MgAKERSXfjSqb7GTFFsy4zF2HA
v+pRxzm6w2lqqqrRdlBW964w+N4pUcz9CkXU3KpSlIEb9DKADcbPoj6q3EcQElRT
rB2/E9qndGMWo/P4Ta9tzs5j848qGhiAzM6OQD3YfGEVUiU3V4yh67q1rtklPUUX
9IVisBYH56W84Sl6f2YwB6yyYAO0uZmnj9e7paxsOnjx75tgPRvgBLfTNYXHxOc3
4TBIFISicM+KroWhptr7M/2A/lwVCOCrD8W7D35a4Rk01s+hwKJSYSK94zxclVIC
Z5S42/9vByapwVTJAwbpg68MW2x+FYhskXBnu0SF4YvcmSiEXRuR04doz5lNKoAo
hleQjkgYxCIPIb9r0rc3qJGQYJIeBbmfCLTavggbeEU18k1V5mJlo/nriMC/jZWP
68DjORlgScUHumlKL8UG+6b1HZo9YMaCiZ8y6vFHofFFfDjgaRSBmYpPNxMpuUYw
u+WvSJ0SlvZXijrw4laGHnVYFSRy8ALLFBA2ZBN+633WvCYRUNqQTXsBESozr7KJ
0pOOYCBcBLYdIhPFMsl/y6kdcouxqg3RcTPY6MMU1iC9koFohfNA2CqIFSljqkev
IYgFU2x0SFH3mP2vdMUMMAy5u1ax8IeK6wrVPtFpuq3z6N3K8ihsyJktHZ0PSCSq
zUsZwmGgLmi3dcFYSdKPamTBVVz5vM/ZH/xrv5HpZWCMV1VxagF2RNChZs1ajY73
OfpTeCKGWOIKr9DKY1N1lC6Ld83Zf3UqQV/6/t20S7+E6utSJ9En0tgpKG/v4uYf
1rkOkHHj0iclP7wSSciZ9VWpKuOCLY5KrO8BaYIseTh53maV40MMGK4QaST6gywd
Xp7TuaQOaE6mgaoQQqoLTP6utmBjExi7Jz2ljKcWzZzMBcofLQ8vVgaxAcd/zErm
UQuWkVdo8OEbFRAc0iERqAbBqoZXnU8hlaSAX24720lUQhpt4kcCJha47d1mbPdG
qnAfBmfJLt1VenS0RcYJekRZAtKpcx2OQ91uwYHz61U3dg+KyRVQ9fen9lClZfCs
eRF0/eQ2R8OJG8cPqnD4Kga6rltWCsuUDRDmTBRZf2JxQU4uEJmbLfwlmYtuVmXY
oRsvPbhK7+gpmYWWPcWTAXaWr2DbpFMrR5iUso5KB8zcPRMa5/ebbaXn7AenSuqS
DSg0Wdt2KAc7/r+/yoicOjluLLuyi7KOdZvXiFiw+B9Y+1Qn+JlWjaolMAcEihvC
TeAZEYDiFRbHh8dz386iTVOhSYwuMjWPOlbXHbVDX6H1RpEjE0wX43bll+tnKrS1
SUw7AksATscuvilH9Nc3irvf3D3pmGOGeI4o9DI+ycDH39Z9Vy4TIwfxQciSLSs=
=SBmY
-----END PGP SIGNATURE-----
--- End Message ---
