Your message dated Sun, 4 Sep 2022 20:57:14 +0200
with message-id <YxT1Crov1H/56...@eldamar.lan>
and subject line Accepted pcs 0.11.3-2 (source) into unstable
has caused the Debian Bug report #1018930,
regarding pcs: CVE-2022-2735: Obtaining an authentication token for hacluster user leads to privilege escalation
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1018930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pcs
Version: 0.11.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.10.8-1

Hi,

The following vulnerability was published for pcs.

CVE-2022-2735[0]:
| Obtaining an authentication token for hacluster user leads to
| privilege escalation

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-2735
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2735
[1] https://www.openwall.com/lists/oss-security/2022/09/01/4

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pcs
Source-Version: 0.11.3-2

This issue was fixed with the update below, but did not contain the
bug closer. Closing manually.

----- Forwarded message from Debian FTP Masters <ftpmas...@ftp-master.debian.org> -----

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 04 Sep 2022 19:08:15 +0200
Source: pcs
Architecture: source
Version: 0.11.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintain...@lists.alioth.debian.org>
Changed-By: Valentin Vidic <vvi...@debian.org>
Changes:
 pcs (0.11.3-2) unstable; urgency=high
 .
   * d/patches: add fix for CVE-2022-2735

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


----- End forwarded message -----

--- End Message ---
