Re: Wheezy update of pacemaker?

To: Thorsten Alteholz <debian@alteholz.de>
Cc: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>, Adrian Vondendriesch <adrian.vondendriesch@credativ.de>, Richard B Winters <rik@mmogp.com>, Christoph Berg <myon@debian.org>, debian-lts@lists.debian.org
Subject: Re: Wheezy update of pacemaker?
From: wferi@niif.hu (Ferenc Wágner)
Date: Sat, 01 Oct 2016 20:11:02 +0200
Message-id: <[🔎] 87ponklz2h.fsf@lant.ki.iif.hu>
In-reply-to: <[🔎] alpine.DEB.2.02.1610011746320.16288@jupiter.server.alteholz.net> (Thorsten Alteholz's message of "Sat, 1 Oct 2016 17:48:00 +0200 (CEST)")
References: <[🔎] alpine.DEB.2.02.1610011746320.16288@jupiter.server.alteholz.net>

Thorsten Alteholz <debian@alteholz.de> writes:

> the Debian LTS team would like to fix the security issues which are
> currently open in the Wheezy version of pacemaker:
> https://security-tracker.debian.org/tracker/CVE-2016-7797

Hi,

I don't see how this affects 1.1.7 (the wheezy version of Pacemaker).
The linked bug report describes a DoS against remote nodes, but remote
nodes were introduced in 1.1.10 only, by 1debe12.  The code fixed by the
linked commit (5ec24a26) was introduced even later, in 1.1.12, by
87f4091.
-- 
Feri

Reply to:

Follow-Ups:
- Re: [Debian-ha-maintainers] Wheezy update of pacemaker?
  - From: wferi@niif.hu (Ferenc Wágner)

References:
- Wheezy update of pacemaker?
  - From: Thorsten Alteholz <debian@alteholz.de>

Prev by Date: Re: Security update of firefox-esr for Wheezy
Next by Date: Re: Wheezy update for qemu ?
Previous by thread: Wheezy update of pacemaker?
Next by thread: Re: [Debian-ha-maintainers] Wheezy update of pacemaker?
Index(es):
- Date
- Thread