[Debian-ha-maintainers] Bug#974563: corosync unable to communicate with pacemaker 1.1.16-1+deb9u1 which contains the fix for CVE-2020-25654

[Louis Sautier]

On 17/11/2020 18:41, Alejandro Taboada wrote:
> Thank you Markus,
> 
> I just updated deb9u2 and works fine. Let me know when you have new updates and I can test this thing.
> 
> Regards,
> Alejandro
> 
>> On 17 Nov 2020, at 05:16, Markus Koschany <apo at debian.org> wrote:
>>
>> Control: severity -1 normal
>>
>> Am Montag, den 16.11.2020, 09:22 -0300 schrieb Alejandro Taboada:
>>> Hi Markus,
>>>
>>> Sorry for the delay. With this patch works when is applied only to 1 node.
>>> The services restart and the arm resources are up.
>>> The problem appears again when I install the patch on a 2nd node. The the
>>> resources stopped again.
>>
>> Hello Alejandro,
>>
>> thanks for your feedback. At the moment I cannot reproduce the problem hence I
>> have reverted the patch and uploaded a new revision, 1.1.16-1+deb9u2, of
>> pacemaker to stretch-security which restores the old behavior. The regression
>> tests shipped with pacemaker also don't report anything unusual. I will keep
>> this bug report open for discussions and work on another update. This time I
>> intend to upgrade pacemaker to the latest upstream release in the 1.1.x branch
>> which is currently 1.1.24~rc1. This one also includes fixes for CVE-2018-16878
>> and CVE-2018-16877. I expect no big changes in terms of existing features but I
>> will send new packages for testing before I upload a new upstream release. 
>>
>> Regards,
>>
>> Markus
> 
> 
I can confirm that 1.1.16-1+deb9u2 works as expected, thanks for the fix.

Kind regards,

Louis

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20201118/954a5c79/attachment.sig>