-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 21 Jun 2025 11:54:36 +0200
Source: corosync
Architecture: source
Version: 3.1.9-2
Distribution: unstable
Urgency: medium
Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 1102006
Changes:
 corosync (3.1.9-2) unstable; urgency=medium
 .
   * [d29071e] New patch: totemsrp: Check size of orf_token msg.
     Cherry-picked security fix for CVE-2025-30472, upstream commit
     7839990f9cdf34e55435ed90109e82709032466a.
     Corosync through 3.1.9, if encryption is disabled or the attacker knows
     the encryption key, has a stack-based buffer overflow in
     orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
     Thanks to Jan Friesse (Closes: #1102006)
Checksums-Sha1:
 eb737822d497157e30ce3a2c3c52d017e16fb560 3495 corosync_3.1.9-2.dsc
 c48d792880e0a458e35790b80c5790952133bbc7 28364 corosync_3.1.9-2.debian.tar.xz
 9dc5ca13a7ee127d32f010ba6fe9317530948593 17016 corosync_3.1.9-2_amd64.buildinfo
Checksums-Sha256:
 1c51c08432b5d9627a859a94a54cf249b61de4efccd9f667e25a2f15d1f34fbf 3495 corosync_3.1.9-2.dsc
 213f3ae942851b1c0685cefc1dd222bd0f5001e1b6eb7b246a472148a755b65f 28364 corosync_3.1.9-2.debian.tar.xz
 12c37d07517be73fb708484ccf4fa3b6a06766e66cfb7ac14720e41d6d618d25 17016 corosync_3.1.9-2_amd64.buildinfo
Files:
 559c407bcff892f4e628836b72d1dbd3 3495 admin optional corosync_3.1.9-2.dsc
 ed24f6d264f3d9d38ec5f4f14fa426dd 28364 admin optional corosync_3.1.9-2.debian.tar.xz
 796d9693749766825fb00566ff501186 17016 admin optional corosync_3.1.9-2_amd64.buildinfo
Attachment:
pgp1mX_aOIz2o.pgp
Description: PGP signature