
Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable



Hello,

On 14/09/2022 22:43, Valentin Vidic wrote:
> On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote:
>> Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed
>> version.
>>
>> LTS uploads follow a procedure which notably involves reserving a DLA in the
>> security tracker and sending announcements to the mailing list and website,
>> see:
>> https://lts-team.pages.debian.net/wiki/LTS-Development.html
>>
>> Note that uploads are not validated (provided you're DD) and are immediately
>> available to the end users.
>>
>> I can handle this administrative part of the upload (announcement text would
>> be appreciated), but first I'm coordinating with you: do you have further
>> work to do, are you waiting for us to check/review something?
>
> Hi and sorry about that. I was planning to follow the DLA procedure but
> ran out of time lately. The description from stable can probably be
> reused here:
>
> A security issue was discovered in pcs, a corosync and pacemaker
> configuration tool:
>
>   * CVE-2022-1049
>     It was discovered that expired accounts were still able to login via
>     PAM.
>
> For Debian 10 "Buster", the problem has been fixed in version
> 0.10.1-2+deb10u1.
>
> Let me know if you will send this out or I should give it a try?

You can certainly give it a try if you have the time.
The description adapted from the DSA sounds good.

Feel free to ask here or at #debian-lts if you have further questions.

Cheers!
Sylvain Beucler
Debian LTS Team

