Your message dated Tue, 28 May 2013 09:21:51 +0000 with message-id <e1uhg6j-0006nf...@franck.debian.org> and subject line Bug#702775: fixed in ganglia-web 3.5.8-2 has caused the Debian Bug report #702775, regarding ganglia: limiting security support to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 702775: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702775 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Package: ganglia Version: 3.3.8-1 Severity: grave Tags: security Control: clone -1 -2 Control: reassign -2 src:ganglia-web 3.5.2-1 X-Debbugs-cc: t...@security.debian.org Hi again, Given the recent issues in Ganglia's web frontend and a review of some portions of the code we, as in the security team, have decided to limit ganglia's security support to installations behind a trusted HTTP zone. Any vulnerability that is only relevant when exposing ganglia's web frontend to a non-secure zone will therefore be treated as a non-issue by the security team. They could still be fixed via a SPU, however. As such, please add a README.Debian.security file briefly mentioning the limited security support, effective for the version in wheezy and newer. Thanks in advance. Cheers, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
--- End Message ---
--- Begin Message ---Source: ganglia-web Source-Version: 3.5.8-2 We believe that the bug you reported is fixed in the latest version of ganglia-web, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 702...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Daniel Pocock <dan...@pocock.com.au> (supplier of updated ganglia-web package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 28 May 2013 10:33:04 +0200 Source: ganglia-web Binary: ganglia-webfrontend Architecture: source all Version: 3.5.8-2 Distribution: unstable Urgency: low Maintainer: Debian Monitoring Maintainers <pkg-monitoring-maintain...@lists.alioth.debian.org> Changed-By: Daniel Pocock <dan...@pocock.com.au> Description: ganglia-webfrontend - cluster monitoring toolkit - web front-end Closes: 702775 710070 Changes: ganglia-web (3.5.8-2) unstable; urgency=low . * Correct GWEB_STATEDIR (Closes: #710070) * Add a README.Debian.security file discussing limited security support for this package (closes: #702775). Checksums-Sha1: 1c54f9562d15072cd1aaba2e528456b201af3bd4 2036 ganglia-web_3.5.8-2.dsc 1c6bcb9db0292d6f680790087604890f288740cd 13229 ganglia-web_3.5.8-2.debian.tar.gz f5e408c5babfa5ab7afa719625aec4eeee40d03f 1406896 ganglia-webfrontend_3.5.8-2_all.deb Checksums-Sha256: dbb63e7ab21f1d064330d0073d59f130b200d2cbdb01bd0a18a36326802719a1 2036 ganglia-web_3.5.8-2.dsc 4985ad8565c3d6a52a116265a17fd58ccc6f960b87a8bde0280b92d1deaf4df2 13229 ganglia-web_3.5.8-2.debian.tar.gz dd34a3fd378274c0220acbbc6527baa0d961ca9402cde09f36420f48ba45e2d9 1406896 ganglia-webfrontend_3.5.8-2_all.deb Files: 9e1bb2e5330de00039be09c6fc9432a8 2036 net optional ganglia-web_3.5.8-2.dsc aecf2ae8166584b190b7e89effaae605 13229 net optional ganglia-web_3.5.8-2.debian.tar.gz 740b3eb8eaf5dec42e33283bfdaad6da 1406896 net optional ganglia-webfrontend_3.5.8-2_all.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQIcBAEBCAAGBQJRpHMPAAoJEOm1uwJp1aqD3FcP/0BvFtGOig1AnR/egk3qELDf 9Snf14nEmY8OjP7ScX46p7c6mTb6COj7JHApRQ1LxxgXhjkeSSeS19NKbLJVjtFV g1RmewiXTg8GSPhxfNsggwjBCJPtJWdVIp3PTTBmc7TuHDxvve3BFXwJ2xgmzKRB QSKg7l7nU0xbDNMMBsbnn8qgMzQGs6/K70N/e892AoEZcR5HFOOqgNdH3tjpgZSx iCDF/Ei8y8dPLv6h64O8dLN4ianMrwYlKZW///CU60lFBZZlg+loGS6gBKlsoe+k jC+1g7odxpUF0fvgxGn9nEAxBwIhnZz30G7pzIp1JQeAGoLf0tGCqLisULLlh2Q9 bi3NXyi/iDnhcwwegsWuWS9y5TZAnp89PjULVZarysw9NodF7gm+izfogVqmx0Tn BiZ9/OZ3ZQwnGWYeL2qY2gc014Q7rvHfVSVy3q1kebYjR0dCjsu1Q3jwgTRQdn9V ucIQqqM1+cv3zbo/grPrSyMn6c1DJLKprD4q25tykg6bvxTku4onz8SAzwhhctUd 7GGJVAK5YVRVkyFYch+ZQgOt1VnDPm9Y2Kwfolt7iKJi2BNa4jQByEJykmbX/lHC +HbWh+Np8lgx5lxuf62GrhQuVKN3SGFEyjUYqbAYb0F5OGXt4s5kbzri9bh99NuG wf61olDzXXpWS737BZC+ =1mPf -----END PGP SIGNATURE-----
--- End Message ---
