Hi, 2017-01-04 21:08 GMT+01:00 Bálint Réczey <[email protected]>: > Hi Zigo, > > 2017-01-04 16:28 GMT+01:00 Thomas Goirand <[email protected]>: >> Hi, >> >> I don't think any of the maintainers of RabbitMQ cares about Wheezy >> anymore, so it'd be very nice if someone from the LTS team was taking >> care of it. > > OK, I'll take care of it. (Claimed in dla-needed.txt, too.)
It turned out Wheezy is not affected thus I removed the package from the dla list. During checking I have also prepared a fix for which I have attached to #849849. Cheers, Balint > > Cheers, > Balint > >> >> Cheers, >> >> Thomas Goirand (zigo) >> >> On 12/30/2016 11:16 PM, Ola Lundqvist wrote: >>> Hi >>> >>> I forgot to mention that I do not have proof that this is a >>> vulnerability also in the version in wheezy. The advisory mentions >>> that 3.x branch is affected. It do not mention 2.x. However I do not >>> see a reason why it should not be vulnerable. So I'll leave that to >>> the one investigating how to fix this. >>> >>> Best regards >>> >>> // Ola >>> >>> On 30 December 2016 at 23:04, Ola Lundqvist <[email protected]> wrote: >>>> Hello dear maintainer(s), >>>> >>>> the Debian LTS team would like to fix the security issues which are >>>> currently open in the Wheezy version of rabbitmq-server: >>>> https://security-tracker.debian.org/tracker/CVE-2016-9877 >>>> >>>> Would you like to take care of this yourself? >>>> >>>> If yes, please follow the workflow we have defined here: >>>> https://wiki.debian.org/LTS/Development >>>> >>>> If that workflow is a burden to you, feel free to just prepare an >>>> updated source package and send it to [email protected] >>>> (via a debdiff, or with an URL pointing to the source package, >>>> or even with a pointer to your packaging repository), and the members >>>> of the LTS team will take care of the rest. Indicate clearly whether you >>>> have tested the updated package or not. >>>> >>>> If you don't want to take care of this update, it's not a problem, we >>>> will do our best with your package. Just let us know whether you would >>>> like to review and/or test the updated package before it gets released. >>>> >>>> You can also opt-out from receiving future similar emails in your >>>> answer and then the LTS Team will take care of rabbitmq-server updates >>>> for the LTS releases. >>>> >>>> Thank you very much. >>>> >>>> Ola Lundqvist, >>>> on behalf of the Debian LTS team. >>>> >>>> PS: A member of the LTS team might start working on this update at >>>> any point in time. You can verify whether someone is registered >>>> on this update in this file: >>>> https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup >>>> >>> >>> >>> >>
