[Debian-ha-maintainers] Bug#927714: CVE-2019-3885 CVE-2018-16877 CVE-2018-16878
wferi at niif.hu
Wed Apr 24 16:50:02 BST 2019
On Mon, 22 Apr 2019 09:07:04 +0200 Salvatore Bonaccorso <carnil at debian.org> wrote:
>> Please see https://www.openwall.com/lists/oss-security/2019/04/17/1
>
> Please note that when fixing the issues, in the original patchsets
> there were some behaviour regressions, I think they should be addressed
> in the followups as noted in
> https://www.openwall.com/lists/oss-security/2019/04/18/2

Hi Salvatore,

After several readings of the followup you linked to I think those
"prior behavioral changes" are the fixes themselves, that is, the more
thorough authorization checks. Don't you agree?

I proceeded to apply the patches in the pull request to the pacemaker
quilt queue. Unfortunately they introduce new symbols in libcrmcommon:
crm_ipc_is_authentic_process and pcmk__ipc_is_authentic_process_active.
Am I expected to update the libtool version info in light of this?
--
Thanks,
Feri