[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable


On 14/09/2022 22:43, Valentin Vidic wrote:
On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote:
Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed

LTS uploads follow a procedure which notably involves reserving a DLA in the
security tracker and sending announcements to the mailing list and website,

Note that uploads are not validated (provided you're DD) and are immediately
available to the end users.

I can handle this administrative part of the upload (announcement text would
be appreciated), but first I'm coordinating with you: do you have further
work to do, are you waiting for us to check/review something?

Hi and sorry about that. I was planning to follow the DLA procedure but
ran out of time lately. The description from stable can probably be
reused here:

A security issue was discovered in pcs, a corosync and pacemaker
configuration tool:

  * CVE-2022-1049
It was discovered that expired accounts were still able to login via

For Debian 10 "Buster", the problem has been fixed in version

Let me know if you will send this out or I should give it a try?

You can certainly give it a try if you have the time.
The description adapted from the DSA sounds good.

Feel free to ask here or at #debian-lts if you have further questions.

Sylvain Beucler
Debian LTS Team

Reply to: