Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable
On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote:
> Hello Valentin,
>
> Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed
> version.
>
> LTS uploads follow a procedure which notably involves reserving a DLA in the
> security tracker and sending announcements to the mailing list and website,
> see:
> https://lts-team.pages.debian.net/wiki/LTS-Development.html
>
> Note that uploads are not validated (provided you're DD) and are immediately
> available to the end users.
>
> I can handle this administrative part of the upload (announcement text would
> be appreciated), but first I'm coordinating with you: do you have further
> work to do, are you waiting for us to check/review something?
Hi and sorry about that. I was planning to follow the DLA procedure but
ran out of time lately. The description from stable can probably be
reused here:
A security issue was discovered in pcs, a corosync and pacemaker
configuration tool:
* CVE-2022-1049
It was discovered that expired accounts were still able to login via
PAM.
For Debian 10 "Buster", the problem has been fixed in version
0.10.1-2+deb10u1.
Let me know if you will send this out or I should give it a try?
--
Valentin
Reply to: