[Debian-ha-maintainers] Bug#700923: [Secure-testing-team] Bug#700923: pacemaker: CVE-2013-0281
Thijs Kinkhorst
thijs at debian.org
Sat Mar 2 11:25:21 UTC 2013
severity 700923 important
thanks
Hi,
I find it unlikely that in serious deployments remote cib management would be
enabled for untrusted connections. This kind of management usually happens
over separate networks or is appropriately guarded by other controls. And
where not, the worst result is a DoS which gets immediately noticed and is
quickly fixable by adding said controls or disabling remote management.
I believe this to be a low-risk issue and therefore don't think we need to
issue a DSA for it. If a straightforward patch should surface, it can and
should be fixed in a spu and for wheezy.
Cheers,
Thijs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/debian-ha-maintainers/attachments/20130302/9e201ac7/attachment.pgp>
More information about the Debian-ha-maintainers
mailing list