[From nobody Sun May 10 17:35:10 2026
Received: (at 1133838-close) by bugs.debian.org; 10 May 2026 16:33:44 +0000
X-Spam-Checker-Version: SpamAssassin 4.0.1-bugs.debian.org_2005_01_02
 (2024-03-25) on buxtehude.debian.org
X-Spam-Level: 
X-Spam-Status: No, score=-113.1 required=4.0 tests=BAYES_00,DKIM_SIGNED,
 DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FVGT_m_MULTI_ODD,HAS_BUG_NUMBER,
 MD5_SHA1_SUM,PGPSIGNATURE,RCVD_IN_DNSWL_MED,SPF_HELO_PASS,SPF_PASS,
 USER_IN_DKIM_WELCOMELIST autolearn=ham autolearn_force=no
 version=4.0.1-bugs.debian.org_2005_01_02
X-Spam-Bayes: score:0.0000 Tokens: new, 6; hammy, 150; neutral, 243; spammy,
 0. spammytokens: hammytokens:0.000-+--HX-Debian:DAK,
 0.000-+--H*rp:D*ftp-master.debian.org, 0.000-+--UD:debian.tar.xz,
 0.000-+--H*r:sk:fasolo., 0.000-+--H*MI:fasolo
Return-path: &lt;envelope@ftp-master.debian.org&gt;
Received: from mitropoulos.debian.org
 ([2001:648:2ffc:deb:216:61ff:fe9d:958d]:54360)
 by buxtehude.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wM768-003bFV-0j for 1133838-close@bugs.debian.org;
 Sun, 10 May 2026 16:33:44 +0000
Received: via submission
 from C=NA, ST=NA, L=Ankh Morpork, O=Debian SMTP, OU=Debian SMTP CA,
 CN=fasolo.debian.org, EMAIL=hostmaster@fasolo.debian.org (verified)
 by mitropoulos.debian.org with esmtps
 (TLS1.3:ECDHE_SECP256R1__RSA_PSS_RSAE_SHA256__AES_256_GCM:256)
 (Exim 4.96) (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wM766-001JTz-03 for 1133838-close@bugs.debian.org;
 Sun, 10 May 2026 16:33:42 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
 d=ftp-master.debian.org; s=smtpauto.fasolo; h=Date:Message-Id:Content-Type:
 Subject:MIME-Version:To:Reply-To:From:Cc:Content-Transfer-Encoding:Content-ID
 :Content-Description:In-Reply-To:References;
 bh=lpv55uTsNHkUt7rF9H0cRSN4+whCu+N8RtwG/ticThE=; b=dKLoJ1rc9ixPZTnU9yJFCfrnQq
 t3ENojdOun/XCiOFjybZDvebPvEWnaYzpo5nvmctfb6qaB/1ZZrdPShQIUGNpIB2fB1abiOaizFmM
 Nh+qp9Iqq9oXSCAANXDs4vQZVHZgZP0ASmnlkMyd6aOfYHxL/KLdRNXOcLwqBRuqiGW0e68EYkeQh
 mvvw7DbVht47A2Pho2HJh20W+lrRtA7Bg81hgf2ck7euAYsNBn662V+rBb/vBvHj4XfQPKPqibMqE
 yOTEst+iHsoSyGmSzGAiFsFlVM+7mAREYetM0qq6/rwE2sjYchrQyO9HxNqv8ibEOkvyEGPlQZNMf
 fZaLWapA==;
Received: from dak by fasolo.debian.org with local (Exim 4.98.2)
 (envelope-from &lt;envelope@ftp-master.debian.org&gt;)
 id 1wM765-00000008gg9-1sPU; Sun, 10 May 2026 16:33:41 +0000
From: Debian FTP Masters &lt;ftpmaster@ftp-master.debian.org&gt;
Reply-To: =?utf-8?q?Ferenc_W=C3=A1gner?= &lt;wferi@debian.org&gt;
To: 1133838-close@bugs.debian.org
X-DAK: dak process-policy
X-Debian: DAK
X-Debian-Package: corosync
Debian: DAK
Debian-Changes: corosync_3.1.7-1+deb12u2_source.changes
Debian-Source: corosync
Debian-Version: 3.1.7-1+deb12u2
Debian-Architecture: source
Debian-Suite: oldstable-proposed-updates
Debian-Archive-Action: accept
MIME-Version: 1.0
Subject: Bug#1133838: fixed in corosync 3.1.7-1+deb12u2
Content-Type: multipart/signed; micalg=&quot;pgp-sha256&quot;;
 protocol=&quot;application/pgp-signature&quot;;
 boundary=&quot;===============6251746567095950681==&quot;
Message-Id: &lt;E1wM765-00000008gg9-1sPU@fasolo.debian.org&gt;
Date: Sun, 10 May 2026 16:33:41 +0000
X-CrossAssassin-Score: 4

--===============6251746567095950681==
Content-Type: text/plain; charset=&quot;utf-8&quot;
Content-Transfer-Encoding: quoted-printable

Source: corosync
Source-Version: 3.1.7-1+deb12u2
Done: Ferenc W=C3=A1gner &lt;wferi@debian.org&gt;

We believe that the bug you reported is fixed in the latest version of
corosync, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1133838@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Ferenc W=C3=A1gner &lt;wferi@debian.org&gt; (supplier of updated corosync package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 May 2026 23:24:43 +0200
Source: corosync
Architecture: source
Version: 3.1.7-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian HA Maintainers &lt;debian-ha-maintainers@lists.alioth.debian.=
org&gt;
Changed-By: Ferenc W=C3=A1gner &lt;wferi@debian.org&gt;
Closes: 1133837 1133838
Changes:
 corosync (3.1.7-1+deb12u2) bookworm-security; urgency=3Dhigh
 .
   * [809a6e8] New patch: totemsrp: Return error if sanity check fails.
     Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838)
   * [70d459c] New patch: totemsrp: Fix integer overflow in memb_join_sanity.
     Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837)
Checksums-Sha1:
 3c609a8367cdd24b5160826481ca2ef3075dfece 3530 corosync_3.1.7-1+deb12u2.dsc
 1630181bcac161c6136c79979d1fa4a11356b5a3 1126053 corosync_3.1.7.orig.tar.gz
 701c40a51c13d404b89bca53f637e34880761631 801 corosync_3.1.7.orig.tar.gz.asc
 c76048a6da55e69c976396a8331db0f9d62d6106 28620 corosync_3.1.7-1+deb12u2.debi=
an.tar.xz
 72d316d7deb3ec6ca9625ce2c6aad56d2e4d784d 18240 corosync_3.1.7-1+deb12u2_amd6=
4.buildinfo
Checksums-Sha256:
 3bd019b08d3f96ecbf70991e0e386448176ae0b7b7b0599484a77c26a3a7489a 3530 corosy=
nc_3.1.7-1+deb12u2.dsc
 e6556b3a385965f21330b9383dcd1790f28a4f79e093982b40ea2ec23e0a29fa 1126053 cor=
osync_3.1.7.orig.tar.gz
 8b2b4bbcb8af17ed01c99a5f922d0630b0044850c99937a74d2afe81f8a33176 801 corosyn=
c_3.1.7.orig.tar.gz.asc
 b863c9ca4b5e356875003382dc9a5623bb3bd02625cbead29bf7616acde984e6 28620 coros=
ync_3.1.7-1+deb12u2.debian.tar.xz
 e938d2730a3da87aaa3d283b18ccd24eb4241bc360170d29f090cb6291ae09f0 18240 coros=
ync_3.1.7-1+deb12u2_amd64.buildinfo
Files:
 c5b1fc9485bac8eed70dcf83f3341d2a 3530 admin optional corosync_3.1.7-1+deb12u=
2.dsc
 83652b5ed1feecc80eac2ac9c3a2771e 1126053 admin optional corosync_3.1.7.orig.=
tar.gz
 d521f74cb8b97c6a8face1f4d5b7373d 801 admin optional corosync_3.1.7.orig.tar.=
gz.asc
 d4beaa2d5cccb95c15e5d0ab1bfc126a 28620 admin optional corosync_3.1.7-1+deb12=
u2.debian.tar.xz
 5795462d31d3d107931f6d9b3400b473 18240 admin optional corosync_3.1.7-1+deb12=
u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmn+NMgACgkQOsj3Fkd+
2yN4vxAAgiu8aNY85V4NrNrPTNn9QZRTPVGwg7YPhTCZC//OUDGsmweijlk/hFgW
wXk2F1B+Vebs+v/oi7vmO/mSa+srqrfPzwA7kO2xZD+HjDpmEIuZ81gM0K3E6zAV
wccACZi7ua4xYdyG4pjvHxdYFkQFfQG2H54AltIiPYwtKnsDIUU1GFG2ijQCPe5k
XlWDmVg4glj4Q8Kx2on2FYQvPifzYx/HId8aOTBQVDO1Auq/9NoMtWkNb5Zv3oQf
pbKPEVVBDJ7GnXIdX+m+wmHsYz6R6NId64l4fqeGMVMB28Oc1MrztpL04bsxOAg7
LWrcQPzn6gqh67a1IthNsiXdJpPcOhnuurUuZHQY0i/jTwPYFg9C5q04nhC0GSz3
CIDaIQak10zHutHBVJZKNfZDfacybPK+habR5KgbHEBnGQUE3ijumdEK9eoUiFFU
/PHswG41fFCKKSJafUmWl8MNSNkwR+xXNh/P5FJn/jwP6JBytDfeAAU4OjqbijsK
rBn0MU096Ed8pKINL2MQq4IgkH0NoK3g5DP+StpoeBa6PzeTp+Aw6pU0wCNVoZSZ
JB+5SXgaNUqxVUn7C6Gwo4I2piJuD3cM2wAmMGXf7nI6r0zCzWvH09cAfQgDvzJR
E5XFlV9Re9oUEPdDFhmW6sh2ZgtngquJgcbjj8CygIoAkqz6wM4=3D
=3DHE+v
-----END PGP SIGNATURE-----


--===============6251746567095950681==
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----

iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCagCzZQAKCRCb9qggYcy5
IR96AQDv/kHWfUZmHBPWHx8j7IeIx2zcxum6GznY8XF7WHgQRwEAn1b4OAGpxf5x
96x5q1VvX/MtSejt7W/RB87V/RGoCQk=
=WK+3
-----END PGP SIGNATURE-----

--===============6251746567095950681==--
]