[Debian-ha-maintainers] Bug#699615: Re: Bug#699615: CVE-2013-0250 - corosync: Remote DoS due improper HMAC initialization
Salvatore Bonaccorso
carnil at debian.org
Fri Feb 22 15:05:14 UTC 2013
Control: found -1 1.99.9-1
Hi all
I had a look at the version in experimental:
On Mon, Feb 18, 2013 at 09:23:20PM +0100, Martin Gerhard Loschwitz wrote:
> I don't think we have Corosync 2.0 anywhere (we have 1.99 in experimental, I
> don't know if that specific version is affected or not just yet). So can we please
> tag this bug accordingly?
The version in experimental has on lines 407 and 408:
    407 hash_param.data = 0;
    408 hash_param.len = 0;
which is in init_nss_hash. So this looks like corosync in experimental
is affected.
Regards,
Salvatore