Hi Zigo, 2017-01-04 16:28 GMT+01:00 Thomas Goirand <[email protected]>: > Hi, > > I don't think any of the maintainers of RabbitMQ cares about Wheezy > anymore, so it'd be very nice if someone from the LTS team was taking > care of it.
OK, I'll take care of it. (Claimed in dla-needed.txt, too.) Cheers, Balint > > Cheers, > > Thomas Goirand (zigo) > > On 12/30/2016 11:16 PM, Ola Lundqvist wrote: >> Hi >> >> I forgot to mention that I do not have proof that this is a >> vulnerability also in the version in wheezy. The advisory mentions >> that 3.x branch is affected. It do not mention 2.x. However I do not >> see a reason why it should not be vulnerable. So I'll leave that to >> the one investigating how to fix this. >> >> Best regards >> >> // Ola >> >> On 30 December 2016 at 23:04, Ola Lundqvist <[email protected]> wrote: >>> Hello dear maintainer(s), >>> >>> the Debian LTS team would like to fix the security issues which are >>> currently open in the Wheezy version of rabbitmq-server: >>> https://security-tracker.debian.org/tracker/CVE-2016-9877 >>> >>> Would you like to take care of this yourself? >>> >>> If yes, please follow the workflow we have defined here: >>> https://wiki.debian.org/LTS/Development >>> >>> If that workflow is a burden to you, feel free to just prepare an >>> updated source package and send it to [email protected] >>> (via a debdiff, or with an URL pointing to the source package, >>> or even with a pointer to your packaging repository), and the members >>> of the LTS team will take care of the rest. Indicate clearly whether you >>> have tested the updated package or not. >>> >>> If you don't want to take care of this update, it's not a problem, we >>> will do our best with your package. Just let us know whether you would >>> like to review and/or test the updated package before it gets released. >>> >>> You can also opt-out from receiving future similar emails in your >>> answer and then the LTS Team will take care of rabbitmq-server updates >>> for the LTS releases. >>> >>> Thank you very much. >>> >>> Ola Lundqvist, >>> on behalf of the Debian LTS team. >>> >>> PS: A member of the LTS team might start working on this update at >>> any point in time. You can verify whether someone is registered >>> on this update in this file: >>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup >>> >> >> >> >
