Your message dated Thu, 30 Aug 2012 17:02:57 +0000 with message-id <e1t788v-0002rs...@franck.debian.org> and subject line Bug#683584: fixed in ganglia 3.3.8-1 has caused the Debian Bug report #683584, regarding ganglia: [Debian RT] CVE-2012-3348: arbitrary script execution to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 683584: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683584 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ganglia Severity: grave Tags: security Justification: user security hole Hi, recently released Ganglia Web fixes a remote script execution vulnerability. It has been allocated CVE-2012-3348. More info on http://ganglia.info/?p=549 and https://bugzilla.redhat.com/show_bug.cgi?id=845124 Can you prepare packages with isolated fixes for Squeeze and unstable (since we are in freeze)? Regards, -- Yves-Alexis -- System Information: Debian Release: wheezy/sid APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental') Architecture: amd64 (x86_64) Kernel: Linux 3.2.0-3-grsec-amd64 (SMP w/4 CPU cores) Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash
--- End Message ---
--- Begin Message ---Source: ganglia Source-Version: 3.3.8-1 We believe that the bug you reported is fixed in the latest version of ganglia, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 683...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Pocock <dan...@pocock.com.au> (supplier of updated ganglia package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 13 Aug 2012 15:17:28 +0200 Source: ganglia Binary: ganglia-monitor ganglia-monitor-python gmetad libganglia1 libganglia1-dev ganglia-webfrontend Architecture: source all amd64 Version: 3.3.8-1 Distribution: unstable Urgency: low Maintainer: Stuart Teasdale <s...@debian.org> Changed-By: Daniel Pocock <dan...@pocock.com.au> Description: ganglia-monitor - cluster monitoring toolkit - node daemon ganglia-monitor-python - cluster monitoring toolkit - python modules ganglia-webfrontend - cluster monitoring toolkit - web front-end gmetad - cluster monitoring toolkit - Ganglia Meta-Daemon libganglia1 - cluster monitoring toolkit - shared libraries libganglia1-dev - cluster monitoring toolkit - development libraries Closes: 638628 683584 Changes: ganglia (3.3.8-1) unstable; urgency=low . * Check URL arguments thoroughly (Closes: #683584) * Fix un-initialized return code variable * Fix memory leak * Fix issue where Ganglia fails to start with NetworkManager (Closes: #638628) * Extra logging of buffer sizes for troubleshooting a common problem * Add Daniel Pocock as uploader (Debian Maintainer) * Add VCS URLs to control file. * PO translation didn't get into the package properly. . [ Stuart Teasdale ] * Stop deleting web/version.php during clean as it comes from upstream Checksums-Sha1: 04e386ac6581e633163c6ddaccbcadde8404ebf9 2357 ganglia_3.3.8-1.dsc e136f619078e26185c60c64c4abbbae64ff469c1 1797534 ganglia_3.3.8.orig.tar.gz a280816c64909da04ed9debf1c8e0cea6d4b777e 20840 ganglia_3.3.8-1.debian.tar.gz 471bd5faeb9a13e2cd149e835984093708049a4d 61056 ganglia-monitor-python_3.3.8-1_all.deb ca658517a33c2eb58bf35a97fd2a13fb9ecfc03c 668728 ganglia-webfrontend_3.3.8-1_all.deb 320cba56a91f6aef37367c4ec3e457e8bbbf0090 81432 ganglia-monitor_3.3.8-1_amd64.deb 12be592ff48a844bdf3bb7dc226881e032c85fa3 37028 gmetad_3.3.8-1_amd64.deb b8635a029bff78aa221c5f281e6e5dd16ba75c11 129488 libganglia1_3.3.8-1_amd64.deb a75e0fc92b504c8432b849ce96525257541e9a67 48042 libganglia1-dev_3.3.8-1_amd64.deb Checksums-Sha256: 80b2268fa6123fe5205f80d3518e5640b093fb0bde0651b9abc2eb29f3592aaf 2357 ganglia_3.3.8-1.dsc 1cc51f884ae729ff67c5204212ca988884958d14132c3610daa3f585fb72bef5 1797534 ganglia_3.3.8.orig.tar.gz 7dca26a4f0743fd203306a4a69cc5aa98ff060b80c43a316c5d03b952f7a6413 20840 ganglia_3.3.8-1.debian.tar.gz b4e310db17a499020cd59ee0d0a97575efa6c44c623615d818a34f8e68d161e8 61056 ganglia-monitor-python_3.3.8-1_all.deb 2420b5d9070732e12b1514370967cc814296d2d553a8f2affbb8df3200be4ebc 668728 ganglia-webfrontend_3.3.8-1_all.deb a82b72f3b3f71683aa938c1e3c603a54fcec9ca96ac6b97cdd53d36ee265cdc1 81432 ganglia-monitor_3.3.8-1_amd64.deb 6c5cbfac779d3ae64ba70ec1803a3fb336cabb3dd759d0a6062ef447a1856d67 37028 gmetad_3.3.8-1_amd64.deb f79ca81604e1a510682f31566ff7d7f8026531a7300f91a2258ebd500f79f9a3 129488 libganglia1_3.3.8-1_amd64.deb d8d1403b1ec52dd1d705a69e2aae074c0f7ed8914548b20da3283b56a4566174 48042 libganglia1-dev_3.3.8-1_amd64.deb Files: 7db25f482aa2f323ab7d939baac36d81 2357 net optional ganglia_3.3.8-1.dsc 46831245b5a5dc22abbdbeaa3d708075 1797534 net optional ganglia_3.3.8.orig.tar.gz de946ef905db554829b431824dd62315 20840 net optional ganglia_3.3.8-1.debian.tar.gz af38ede7222a3f342be483dbe80af141 61056 net optional ganglia-monitor-python_3.3.8-1_all.deb 23fa9731a918d8c1cdd8aeee58b3c977 668728 net optional ganglia-webfrontend_3.3.8-1_all.deb 47fe28fbe123faa7387e997039ceb81b 81432 net optional ganglia-monitor_3.3.8-1_amd64.deb 184c553b1ab958864aadb773ee131bd5 37028 net optional gmetad_3.3.8-1_amd64.deb 9c393f007e0c2eedbafb14b6ec9ef3dc 129488 libs optional libganglia1_3.3.8-1_amd64.deb 833e26590340375774bd9c08013ad698 48042 libdevel optional libganglia1-dev_3.3.8-1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) Comment: Signed by Ana Guerrero iQIcBAEBCAAGBQJQP5pZAAoJELNGT4lqoVlILCgQAIbqCkZ7I+nOXrckWy5o7XDP V+41NSbzqn2kLkiJYWZPsZpclQKnJ7syAWZUNXlw72DJQOAvPnphouCJYjilwpgI p3O7WHJ8ndn2346o89u5sMF9m4sT81LmLOa8W8jdVCaNKFmA3MctBvrwoQIoJNGb PIGytBViC4cYj37sS3qYsef/v96XWoWZKpWTePAGLO8IbecvINmdQyZNTkJBEGAQ ReUNR6sXKPusTFVujX98iu1PseOsVCV6Mn+MMif9KaJri6H6MVzO62zDo5EANPZ4 /V9BcxPFYWk4Lbup2T+hbpHOLF8J74DaRLKnKAb4khylOnTM4yANc3bdvbnu7QqC UGgRz3jz5C/znqJ++NC/RKQacb9+zyq2KO7jyqI/c6jmNTaKnaFUGTXTsGCcckSG YUMuxTcAP3A3uagvADzNv2Ns/2Sqmn67Sr8zIC2flRJVNe4AGp0As0NPd2/FGY/L QzkxpdYA2rIMp+uxIwzQ0lwAtw00GDyOpwCt3Al9ipfaSaz27MDr1rVNfkcV40Gc PKpVFzT51SjWYW8OzmmEDYoQDRJojcxZVtvyopBEoJ16ySOtt0lYWDeLP+ZRuLZv hFgnpFTQAT8ySHM82V6z/r1h8DERAmSPSPne8uOMxahrFghY55dVW+Npb0ebmzHx bV1b796niHDR1Cj5krfZ =UhqO -----END PGP SIGNATURE-----
--- End Message ---
