Your message dated Thu, 22 Aug 2013 17:12:53 +0200
with message-id <[email protected]>
and subject line closed
has caused the Debian Bug report #702775,
regarding ganglia: limiting security support
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
702775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702775
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: ganglia
Version: 3.3.8-1
Severity: grave
Tags: security
Control: clone -1 -2
Control: reassign -2 src:ganglia-web 3.5.2-1
X-Debbugs-cc: [email protected]
Hi again,
Given the recent issues in Ganglia's web frontend and a review of some
portions of the code we, as in the security team, have decided to
limit ganglia's security support to installations behind a trusted
HTTP zone.
Any vulnerability that is only relevant when exposing ganglia's web
frontend to a non-secure zone will therefore be treated as a non-issue
by the security team. They could still be fixed via a SPU, however.
As such, please add a README.Debian.security file briefly mentioning
the limited security support, effective for the version in wheezy and
newer.
Thanks in advance.
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---
Source: ganglia
Source-Version: 3.4.0-1
This bug is effectively non-existent in src:ganglia since 3.4.0, because
the ganglia-web package has been built from a different source package
(src:ganglia-web) since that version
--- End Message ---
