[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Accepted pcs 0.10.1-2+deb10u1 (source) into oldstable

On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote:
> Hello Valentin,
> Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed
> version.
> LTS uploads follow a procedure which notably involves reserving a DLA in the
> security tracker and sending announcements to the mailing list and website,
> see:
> https://lts-team.pages.debian.net/wiki/LTS-Development.html
> Note that uploads are not validated (provided you're DD) and are immediately
> available to the end users.
> I can handle this administrative part of the upload (announcement text would
> be appreciated), but first I'm coordinating with you: do you have further
> work to do, are you waiting for us to check/review something?

Hi and sorry about that. I was planning to follow the DLA procedure but
ran out of time lately. The description from stable can probably be
reused here:

A security issue was discovered in pcs, a corosync and pacemaker
configuration tool:

 * CVE-2022-1049
   It was discovered that expired accounts were still able to login via

For Debian 10 "Buster", the problem has been fixed in version

Let me know if you will send this out or I should give it a try?


Reply to: