[Debian-ha-maintainers] Wheezy update of pacemaker?

Ferenc Wágner wferi at niif.hu
Sat Oct 1 18:11:02 UTC 2016


Thorsten Alteholz <debian at alteholz.de> writes:

> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of pacemaker:
> https://security-tracker.debian.org/tracker/CVE-2016-7797

Hi,

I don't see how this affects 1.1.7 (the wheezy version of Pacemaker).
The linked bug report describes a DoS against remote nodes, but remote
nodes were introduced in 1.1.10 only, by 1debe12.  The code fixed by the
linked commit (5ec24a26) was introduced even later, in 1.1.12, by
87f4091.
-- 
Feri



More information about the Debian-ha-maintainers mailing list