Bug#924768: marked as done (CVE-2018-1279)

Sun, 17 Mar 2019 14:12:57 -0700 

Your message dated Sun, 17 Mar 2019 22:08:43 +0100
with message-id <[email protected]>
and subject line Re: Bug#924768: CVE-2018-1279
has caused the Debian Bug report #924768,
regarding CVE-2018-1279
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
924768: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924768
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: rabbitmq-server
Severity: important
Tags: security

Please see https://pivotal.io/security/cve-2018-1279

It's not really clear whether this is a configuration error done by "RabbitMQ 
for PCF"
as a product by Pivotal or a generic issue. It's also possible that this is 
entirely
a documentation issue to be aware of when setting up a RabbitMQ server with 
multi
tenant setup.

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
On 3/17/19 12:05 PM, Moritz Muehlenhoff wrote:
> Package: rabbitmq-server
> Severity: important
> Tags: security
> 
> Please see https://pivotal.io/security/cve-2018-1279
> 
> It's not really clear whether this is a configuration error done by "RabbitMQ 
> for PCF"
> as a product by Pivotal or a generic issue. It's also possible that this is 
> entirely
> a documentation issue to be aware of when setting up a RabbitMQ server with 
> multi
> tenant setup.
> 
> Cheers,
>         Moritz

Hi Moritz,

Thanks for opening this bug and make sure everything is in order.

However, I believe that the issue is about "RabbitMQ for PCF" only,
meaning, not affecting Debian.

To setup a rabbitmq cluster, one needs to set an "erlang_cookie" with
the same value on all the RabbitMQ machines of the cluster. That's
probably what this is about, and that's therefore related to a specific
setup of RabbitMQ from Pivotal.

I therefore believe this bug can be closed.

Cheers,

Thomas Goirand (zigo)

--- End Message ---

Reply via email to