[From nobody Sun May 10 17:35:07 2026 Received: (at 1133838-close) by bugs.debian.org; 10 May 2026 16:32:08 +0000 X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02 (2024-03-25) on buxtehude.debian.org X-Spam-Level: X-Spam-Status: No, score=-114.1 required=4.0 tests=ALL_TRUSTED,BAYES_00, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FOURLA, FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,MD5_SHA1_SUM,PGPSIGNATURE, SPF_HELO_PASS,SPF_PASS,USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no version=4.0.1-bugs.debian.org_2005_01_02 X-Spam-Bayes: score:0.0000 Tokens: new, 7; hammy, 150; neutral, 241; spammy, 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK, 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz, 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo Return-path: <envelope@ftp-master.debian.org> Received: from mailly.debian.org ([2001:41b8:202:deb:6564:a62:52c3:4b72]:46070) by buxtehude.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wM74a-003b4M-2f for 1133838-close@bugs.debian.org; Sun, 10 May 2026 16:32:08 +0000 Received: via submission from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA, CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified) by mailly.debian.org with esmtps (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256) (Exim 4.96) (envelope-from <envelope@ftp-master.debian.org>) id 1wM74Y-001HRW-2b for 1133838-close@bugs.debian.org; Sun, 10 May 2026 16:32:06 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type: Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID :Content-Description:In-Reply-To:References; bh=yfAbt4b66+wmqq6F062V28ZKQeK7iPaPu6O0fJf3i6g=; b=FLhaWwpByue31L38bv7F490kWC 3w3oBC016PT7+BjKE3GpwO/RKIcZZ+B3XxhiYPR5bIEQOAvpg9YMzTgLMsLvFLUHEsvq+0zcL/lGq xsEu3nBaI0wcXM6HW/o3DshTMjfms33b4y9LjO42T8Cmbmv0z2tAJWnjpV2Ka1c/dXicpTsLY7cQV 8ybbOIfigaXsMpdzC4dvWk9vY3Ld8FSSYAe+jvURGgO7TrzrOZjfJM1H/ptmBvv/8DAAqWsK3sRks F94VnFD/gE/5F0Tto4Ifv5pTNaezGsgmstW/rnYmFfFORpp5W10+ixywumgxS6J8M/b76+0aylaMr 4BSHfiPw==; Received: from dak by fasolo.debian.org with local (Exim 4.98.2) (envelope-from <envelope@ftp-master.debian.org>) id 1wM74X-00000008gTl-1kYK; Sun, 10 May 2026 16:32:05 +0000 From: Debian FTP Masters <ftpmaster@ftp-master.debian.org> Reply-To: =?utf-8?q?Ferenc_W=C3=A1gner?= <wferi@debian.org> To: 1133838-close@bugs.debian.org X-DAK: dak process-policy X-Debian: DAK X-Debian-Package: corosync Debian: DAK Debian-Changes: corosync_3.1.9-2+deb13u1_source.changes Debian-Source: corosync Debian-Version: 3.1.9-2+deb13u1 Debian-Architecture: source Debian-Suite: proposed-updates Debian-Archive-Action: accept MIME-Version: 1.0 Subject: Bug#1133838: fixed in corosync 3.1.9-2+deb13u1 Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="===============6628672928345183554==" Message-Id: <E1wM74X-00000008gTl-1kYK@fasolo.debian.org> Date: Sun, 10 May 2026 16:32:05 +0000 X-CrossAssassin-Score: 2 --===============6628672928345183554== Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Source: corosync Source-Version: 3.1.9-2+deb13u1 Done: Ferenc W=C3=A1gner <wferi@debian.org> We believe that the bug you reported is fixed in the latest version of corosync, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 1133838@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Ferenc W=C3=A1gner <wferi@debian.org> (supplier of updated corosync package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 07 May 2026 22:36:24 +0200 Source: corosync Architecture: source Version: 3.1.9-2+deb13u1 Distribution: trixie-security Urgency: high Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.= org> Changed-By: Ferenc W=C3=A1gner <wferi@debian.org> Closes: 1133837 1133838 Changes: corosync (3.1.9-2+deb13u1) trixie-security; urgency=3Dhigh . * [128a6c1] New patch: totemsrp: Return error if sanity check fails. Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838) * [f46d7eb] New patch: totemsrp: Fix integer overflow in memb_join_sanity. Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837) Checksums-Sha1: 8c988428e51a41f9f3640ce02068c1478dedde1b 3527 corosync_3.1.9-2+deb13u1.dsc 2ceb27fe91b45d64eabbfec59ae1937e71697296 1173752 corosync_3.1.9.orig.tar.gz 75542a3860618304074d6834b864d57623248846 833 corosync_3.1.9.orig.tar.gz.asc 37482e179d0e3191d804694e7f3ea01d2d04ab62 29240 corosync_3.1.9-2+deb13u1.debi= an.tar.xz 4fc1340465ede7991afbdc96d1869a5c5936324f 17780 corosync_3.1.9-2+deb13u1_amd6= 4.buildinfo Checksums-Sha256: 2548699634f9d6e00c0f891e511757a7b226372b9a91dbd1d6faecc6625ff31e 3527 corosy= nc_3.1.9-2+deb13u1.dsc 203354bbddee1a97b3c50a076eae89c635f406dd674ccaefc94bb9092acd9535 1173752 cor= osync_3.1.9.orig.tar.gz 56ec7d4946a7cba06a5ba7d9010fa1dab96fb0473e617ca08bf9adcc461e8c0d 833 corosyn= c_3.1.9.orig.tar.gz.asc 4f71eae2bd36a2df04f0ed88703ae2e50f0e2c6ac329e6007947dbe732eafdaf 29240 coros= ync_3.1.9-2+deb13u1.debian.tar.xz 9fd4c4fddda17003f9f76c040bd1c35258dc8a6a2771107a03163d2e9fe00413 17780 coros= ync_3.1.9-2+deb13u1_amd64.buildinfo Files: 7bcc6d7e5cf60380464479d145479628 3527 admin optional corosync_3.1.9-2+deb13u= 1.dsc 4d2ec0131fbce1e30773903a19d3f064 1173752 admin optional corosync_3.1.9.orig.= tar.gz e8b971df39b3c496d56ae723909e8710 833 admin optional corosync_3.1.9.orig.tar.= gz.asc 5beb85e191ff9f34a282dcd56fba985e 29240 admin optional corosync_3.1.9-2+deb13= u1.debian.tar.xz 9abffd059b4373fa88a6be88c909b190 17780 admin optional corosync_3.1.9-2+deb13= u1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmn+Nh0ACgkQOsj3Fkd+ 2yOixRAAkEWP6uZqCVUTROMb02zrRve5Wj6WeuXmhbaeJeVv0WaAjJNsVmBFXzEz 7/0zA4ajMcG2gX9emKmW0HuDc/SUf6kGUr5/IqbSu7uAbXRxE8K2vVfUtobIWVEU /Bl9MgSknO3wXUSB/YBrWFR7GEjkl845Kv3MfEkd241L5HkVx7VQ0P2HmYgMqGyJ Tw2P9Ku5viYQ+1J+jkLFK46zNxTtiAkFRo9e4oBPFSn5D+xvrsiNAuFxwTckhVbg ky9+FQBMHT4tv1qUhSdG3DaHivfqEuIBKygD4ezs6Ycp7B02IDHTS7qljHNOaWdI NLKOgI4c6Q/CyYhggH/qphBfk6li1yBS7bGv1l0aNIbGZRgI2HN0jTspZY6EaKEL RYgumK+MnOrEx7Z3OLAcCsurYglP4lG5QQd8K7UesTpWrZJBL1NKtEvRHRQQkUTQ WvRI36YjnQQWkg9/KikpTlfCbA7hie1x95gRV23haKjRWRwYTN1iYtx2bKvfMQCd zkXawywUIgcRwOzsOHaWI+9UUdRGV2Jn4KF5ALQNmqmRZqEq+c80hSyD/tcb5Dwd d1gv1VJtVA0llJjTl8JiuMA/lfmtg/8+rIMezdN86NAWJpZ+Qo33OR2Di3ySeblX hlprEkPoIq2aXbRbEzjOypB7g8uZv0Y9qQIjfgX9hxxEPEf8XT0=3D =3DEHYV -----END PGP SIGNATURE----- --===============6628672928345183554== Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCagCzBQAKCRCb9qggYcy5 IWvCAP0TXAe9OztebqE1q+mOBhp2dnMH8J+KsAV9Dq4A6XACHgD/bbAzRxzUCTo2 xAL4Zb5kNij8H/Z/iBA5VWDDb/y2dwQ= =vyhR -----END PGP SIGNATURE----- --===============6628672928345183554==-- ]