[Debian-ha-maintainers] corosync_3.1.9-2_source.changes ACCEPTED into unstable
Debian FTP Masters
ftpmaster at ftp-master.debian.org
Sat Jun 21 11:20:44 BST 2025
Thank you for your contribution to Debian.
Accepted:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 21 Jun 2025 11:54:36 +0200
Source: corosync
Architecture: source
Version: 3.1.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers <debian-ha-maintainers at lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi at debian.org>
Closes: 1102006
Changes:
corosync (3.1.9-2) unstable; urgency=medium
.
* [d29071e] New patch: totemsrp: Check size of orf_token msg.
Cherry-picked security fix for CVE-2025-30472, upstream commit
7839990f9cdf34e55435ed90109e82709032466a.
Corosync through 3.1.9, if encryption is disabled or the attacker knows
the encryption key, has a stack-based buffer overflow in
orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
Thanks to Jan Friesse (Closes: #1102006)
Checksums-Sha1:
eb737822d497157e30ce3a2c3c52d017e16fb560 3495 corosync_3.1.9-2.dsc
c48d792880e0a458e35790b80c5790952133bbc7 28364 corosync_3.1.9-2.debian.tar.xz
9dc5ca13a7ee127d32f010ba6fe9317530948593 17016 corosync_3.1.9-2_amd64.buildinfo
Checksums-Sha256:
1c51c08432b5d9627a859a94a54cf249b61de4efccd9f667e25a2f15d1f34fbf 3495 corosync_3.1.9-2.dsc
213f3ae942851b1c0685cefc1dd222bd0f5001e1b6eb7b246a472148a755b65f 28364 corosync_3.1.9-2.debian.tar.xz
12c37d07517be73fb708484ccf4fa3b6a06766e66cfb7ac14720e41d6d618d25 17016 corosync_3.1.9-2_amd64.buildinfo
Files:
559c407bcff892f4e628836b72d1dbd3 3495 admin optional corosync_3.1.9-2.dsc
ed24f6d264f3d9d38ec5f4f14fa426dd 28364 admin optional corosync_3.1.9-2.debian.tar.xz
796d9693749766825fb00566ff501186 17016 admin optional corosync_3.1.9-2_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmhWgeEACgkQOsj3Fkd+
2yP+MxAAkEzAyTMW/Vyi29++vG9s4zidWwqWa9/QQOrcSg/A/Ccyj+v6Edkotmdh
jjCBOmBUNc7UrWNRyys0WacTMUS19auV/ypHbARUzWs+yiq4LJghxmetby3pQRh8
bAMH7fmPaGxwBen901gPMeOkzu3lkclnqUuBzuRb1Dxm/JRr4ygjXVBb6eztMGQ0
K2tOEoJKqt5DRQ3CQsoGv42GnDtDt6Xm3NyFXNUTWD2s9l3n0pxIX3BSx6hreqHC
oHb8bgD6mQ2gs1FUkgd7fO8Oem7koURnszYhZ3AJ0virsC0K6lZa3KLiNoiG0vID
3zrBHqfcaGf4yqwXJJMq/iAoMw7QokktzbprLPVC8+e8zDsqkaq48kp5Yoo0EFwO
wK/OifD9WBgTLhYMdH8MpA/G6GrsxXaBYEHpw/6h23Z6OXGzqzCgm9RDOqWrclU3
7b3VbHWJ6hnBYkcQJdrImTm4XTf9CQhUkGUtlcOlNmoN0NMmO/3UFIRAzrGTW0LH
TujPFHIsbflPJywXZGGSFZgSvuV2mtYuORUydyV4F8w/aRBfS2nyUOT2AvQtKZC2
09tPdj/JC3UTxaWzuBuuPLKjvj5xoN6FpC/8J0+qc9Fb1dGuEqLUZjAc8CpCAofD
OdxrTjVH0IQUMBPBNO968Qh59xx6E2lwZoqnwY52M9weqFIUzOM=
=C4Vl
-----END PGP SIGNATURE-----
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/debian-ha-maintainers/attachments/20250621/ca244fc9/attachment.sig>
More information about the Debian-ha-maintainers
mailing list