Debian Package Tracker - rabbitmq-server

general

source: rabbitmq-server (main)
version: 3.7.8-5
maintainer: Debian OpenStack (DMD)
uploaders: James Page [DMD] – Thomas Goirand [DMD]
arch: all
std-ver: 4.2.1
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 3.3.5-1.1+deb8u1
o-o-sec: 3.3.5-1.1+deb8u1
oldstable: 3.6.6-1
old-bpo: 3.6.10-1~bpo9+1
stable: 3.7.8-4
testing: 3.7.8-4
unstable: 3.7.8-5

versioned links

3.3.5-1.1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.6-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.6.10-1~bpo9+1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.8-4: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
3.7.8-5: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

rabbitmq-server (5 bugs: 0, 4, 1, 0)

action needed

The package has not entered testing even though the delay is over normal

The package has not entered testing even though the 5-day delay is over. Check why.

Created: 2019-06-23 Last update: 2019-08-22 05:15

2 bugs tagged patch in the BTS normal

The BTS contains patches fixing 2 bugs, consider including or untagging them.

Created: 2019-04-01 Last update: 2019-08-22 05:04

Fails to build during reproducibility testing normal

A package building reproducibly enables third parties to verify that the source matches the distributed binaries. It has been identified that this source package produced different results, failed to build or had other issues in a test environment. Please read about how to improve the situation!

Created: 2018-11-09 Last update: 2019-08-22 03:31

4 new commits since last upload, is it time to release? normal

vcswatch reports that this package seems to have new commits in its VCS but has not yet updated debian/changelog. You should consider updating the Debian changelog and uploading this new version into the archive.

Here are the relevant commit logs:

commit bc7dd0d82b752a0f87a4c6b604f767cb5fec8329
Merge: 1ce3730 23d53be
Author: Thomas Goirand <zigo@debian.org>
Date:   Thu Jul 18 21:31:37 2019 +0200

    Merge branch 'debian/stein' of ssh://salsa.debian.org/openstack-team/third-party/rabbitmq-server into debian/stein

commit 23d53be3fa1ae414ab6284a76dfefd45c3cb9b7d
Author: Ondřej Nový <onovy@debian.org>
Date:   Thu Jul 18 18:34:55 2019 +0200

    Use debhelper-compat instead of debian/compat

commit 1ce3730a8f36806f26843bba6e24fc8dd9e8767e
Author: Thomas Goirand <zigo@debian.org>
Date:   Mon Jun 17 23:00:05 2019 +0200

    Also package rabbitmq-diagnostics.

commit 4adc87a63f56d30961eadd1def8850523804f94b
Author: Ondřej Nový <onovy@debian.org>
Date:   Wed Jan 9 14:42:13 2019 +0100

    Removing gbp.conf, not used anymore or should be specified in the developers dotfiles

Created: 2019-01-09 Last update: 2019-08-17 09:45

6 ignored security issues in jessie low

There are 6 open security issues in jessie.

6 issues skipped by the security teams:

CVE-2015-0862: Multiple cross-site scripting (XSS) vulnerabilities in the management web UI in the RabbitMQ management plugin before 3.4.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) message details when a message is unqueued, such as headers or arguments; (2) policy names, which are not properly handled when viewing policies; (3) details for AMQP network clients, such as the version; allow remote authenticated administrators to inject arbitrary web script or HTML via (4) user names, (5) the cluster name; or allow RabbitMQ cluster administrators to (6) modify unspecified content.
CVE-2015-8786: The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of service (resource consumption) via the (1) lengths_age or (2) lengths_incr parameter.
CVE-2014-9650: CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.
CVE-2014-9649: Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.
CVE-2017-4965: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVE-2017-4967: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Please fix them.

Created: 2015-07-12 Last update: 2019-07-07 09:01

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2017-4966: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. RabbitMQ management UI stores signed-in user credentials in a browser's local storage without expiration, making it possible to retrieve them using a chained attack.
CVE-2017-4967: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.
CVE-2017-4965: An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.6.9; and these RabbitMQ for PCF versions: all 1.5.x versions, 1.6.x versions prior to 1.6.18, and 1.7.x versions prior to 1.7.15. Several forms in the RabbitMQ management UI are vulnerable to XSS attacks.

Please fix them.

Created: 2017-05-08 Last update: 2019-07-07 09:01

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.0 instead of 4.2.1).

Created: 2018-12-23 Last update: 2019-07-08 20:08

testing migrations

excuses:
- 65 days old (5 needed)
- Piuparts tested OK - https://piuparts.debian.org/sid/source/r/rabbitmq-server.html
- autopkgtest for php-amqplib: amd64: Test in progress
- Checking build-dependency on amd64
- Not built on buildd: arch all binaries uploaded by zigo
- Not considered

news

[rss feed]

[2019-06-18] Accepted rabbitmq-server 3.7.8-5 (source all) into unstable (Thomas Goirand)
[2018-11-05] rabbitmq-server 3.7.8-4 MIGRATED to testing (Debian testing watch)
[2018-11-04] rabbitmq-server REMOVED from testing (Debian testing watch)
[2018-10-30] Accepted rabbitmq-server 3.7.8-4 (source all) into unstable (Thomas Goirand)
[2018-10-29] Accepted rabbitmq-server 3.7.8-3 (source all) into unstable (Thomas Goirand)
[2018-10-29] Accepted rabbitmq-server 3.7.8-2 (source all) into unstable (Thomas Goirand)
[2018-10-25] Accepted rabbitmq-server 3.7.8-1 (source all) into unstable (Thomas Goirand)
[2017-10-25] Accepted rabbitmq-server 3.6.10-1~bpo9+1 (source all) into stretch-backports, stretch-backports (Andreas Tille)
[2017-07-04] rabbitmq-server 3.6.10-1 MIGRATED to testing (Debian testing watch)
[2017-06-28] Accepted rabbitmq-server 3.6.10-1 (source all) into unstable (Thomas Goirand)
[2017-01-15] Accepted rabbitmq-server 3.3.5-1.1+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates (Thomas Goirand)
[2017-01-09] rabbitmq-server 3.6.6-1 MIGRATED to testing (Debian testing watch)
[2017-01-03] Accepted rabbitmq-server 3.6.6-1 (source) into unstable (Ondřej Kobližek) (signed by: Ondřej Nový)
[2016-11-09] rabbitmq-server 3.6.5-1 MIGRATED to testing (Debian testing watch)
[2016-11-03] Accepted rabbitmq-server 3.6.5-1 (source all) into unstable (Thomas Goirand)
[2016-10-25] rabbitmq-server REMOVED from testing (Debian testing watch)
[2016-01-24] rabbitmq-server 3.5.7-1 MIGRATED to testing (Debian testing watch)
[2016-01-18] Accepted rabbitmq-server 3.5.7-1 (source all) into unstable (James Page)
[2015-11-16] rabbitmq-server 3.5.4-3.1 MIGRATED to testing (Britney)
[2015-11-10] Accepted rabbitmq-server 3.5.4-3.1 (source) into unstable (Antonio Terceiro)
[2015-10-12] rabbitmq-server 3.5.4-3 MIGRATED to testing (Britney)
[2015-10-06] Accepted rabbitmq-server 3.5.4-3 (source all) into unstable (Thomas Goirand)
[2015-10-05] Accepted rabbitmq-server 3.5.4-2 (source all) into unstable (Thomas Goirand)
[2015-08-10] rabbitmq-server 3.5.4-1 MIGRATED to testing (Britney)
[2015-08-04] Accepted rabbitmq-server 3.5.4-1 (source all) into unstable (James Page)
[2015-06-08] rabbitmq-server 3.5.1-2 MIGRATED to testing (Britney)
[2015-06-02] Accepted rabbitmq-server 3.5.1-2 (source all) into unstable (James Page)
[2015-05-19] rabbitmq-server 3.5.1-1 MIGRATED to testing (Britney)
[2015-05-13] Accepted rabbitmq-server 3.5.1-1 (source all) into unstable (James Page)
[2015-04-27] rabbitmq-server 3.4.3-2 MIGRATED to testing (Britney)

bugs [bug history graph]

all: 8
RC: 0
I&N: 7
M&W: 1
F&P: 0
patch: 2

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker
screenshots

ubuntu

[Information about Ubuntu for Debian Developers]

version: 3.7.8-4ubuntu2
18 bugs (1 patch)
patches for 3.7.8-4ubuntu2