Discussion:
Bug#941895: monit: invalid CSRF check causes login issues
Sergey B Kirpichev
2019-10-07 11:10:02 UTC
tags 941895 +moreinfo
thanks
Please consider backporting this fix to stretch in the next oldstable
point release. I haven't investigated whether it is the sole change in
5.21 or whether it would have to be cherry-picked.
5.21 should work, yes. BTW, why can't you use the stable backport?

Are you able to sponsor an oldstable backport? See
https://bugs.debian.org/887350 - the previous stretch backport
was sitting on mentors.d.n for more than a year...
Sergey B Kirpichev
2019-10-09 14:40:02 UTC
severity 941895 important
thanks
I'm happy to sponsor uploads to the stable suites, certainly. You will
need approval from the stable release managers first then, and I will
avoid wearing that hat for this case in order to avoid a conflict of
interest.
I think I can handle stable uploads myself, as I did previously. But
if not (release managers may be unhappy with changes) - backports is
the only option.

Meanwhile, I'll raise the issue severity (only important+ bugfixes
can enter point releases).
I don't monitor monit (haha) or sponsorship-requests generally, so drop
me a mail when you are ready for it to be uploaded.
I've cherry-picked
https://bitbucket.org/tildeslash/monit/commits/f9a9a7a92
- please test the package. It was uploaded to mentors.d.n:
https://mentors.debian.net/package/monit

Please test.
Sergey B Kirpichev
2019-10-13 09:00:02 UTC
tags 941895 +moreinfo
thanks

Ok, I'll wait for feedback for 2 weeks.
Post by Sergey B Kirpichev
I'm happy to sponsor uploads to the stable suites, certainly. You will
need approval from the stable release managers first then, and I will
avoid wearing that hat for this case in order to avoid a conflict of
interest.
I think I can handle stable uploads myself, as I did previously. But
if not (release managers may be unhappy with changes) - backports is
the only option.
Meanwhile, I'll raise the issue severity (only important+ bugfixes
can enter point releases).
I don't monitor monit (haha) or sponsorship-requests generally, so drop
me a mail when you are ready for it to be uploaded.
I've cherry-picked
https://bitbucket.org/tildeslash/monit/commits/f9a9a7a92
https://mentors.debian.net/package/monit
Please test.