On Tue, 2013-02-19 at 12:35 +0100, Moritz Muehlenhoff wrote:
> Package: pacemaker
> Severity: grave
> Tags: security
> Justification: user security hole
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-0281 for details
> and a link to the upstream fix.
>
> Due to the Wheezy freeze please apply a minimal fix and request an unblock with
> the release managers.
>
Hi Moritz and HA packagers,

I took a look at this one, Red Hat bug links to the following commit:
https://github.com/ClusterLabs/pacemaker/commit/564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
which has:

> commit 564f7cc2a51dcd2f28ab12a13394f31be5aa3c93
> Author: David Vossel <dvos...@redhat.com>
> Date: Sat Jan 5 00:19:59 2013 -0600
>
> High: core: Internal tls api improvements for reuse with future LRMD tls bac
>
> cib/callbacks.c        |  13 +-
> cib/callbacks.h        |   6 +-
> cib/notify.c           |   2 +-
> cib/remote.c           | 326 ++++++++++++++--------
> include/crm_internal.h |  36 ++-
> lib/cib/cib_remote.c   | 290 ++++++++++---------
> lib/common/mainloop.c  |   1 +
> lib/common/remote.c    | 723 ++++++++++++++++++++++++++++++++++++------------
> tools/crm_mon.c        |   2 +-
> 9 files changed, 939 insertions(+), 460 deletions(-)
>

I'm not quite sure something like that can really be accepted by the release team at that point… I have no idea if it's possible to only pick the timeout-related changes, maybe asking upstream would help on this.

Regards,
-- 
Yves-Alexis