Control: tags -1 + moreinfo
On 2014-12-14 23:07, Matt Kraai wrote:
Is it OK to uploade rabbitmq-server/3.3.5-1.1 to
testing-proposed-updates?
773134 reports that it is insecure because it trusts the
X-Forwarded-For HTTP
header. The following patches were applied upstream to fix this:
* http://hg.rabbitmq.com/rabbitmq-management/rev/c3c41177a11a
* http://hg.rabbitmq.com/rabbitmq-management/rev/35e916df027d
rabbitmq-server/3.4.1-1 is already in unstable.
That new upstream version was uploaded at urgency=high the day before
the freeze, with no explanation other than "new upstream release". Given
that 3.4.0 had been out for a fortnight by that point, it looks very
much like trying to game the freeze. :-(
rabbitmq-server maintainers, are there any other RC bugs that you're
planning to file on the package?
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org