Your message dated Sun, 11 Sep 2022 13:32:35 +0000
with message-id <e1oxn4d-005swv...@fasolo.debian.org>
and subject line Bug#1018930: fixed in pcs 0.10.8-1+deb11u1
has caused the Debian Bug report #1018930,
regarding pcs: CVE-2022-2735: Obtaining an authentication token for hacluster
user leads to privilege escalation
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1018930: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018930
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: pcs
Version: 0.11.3-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 0.10.8-1
Hi,
The following vulnerability was published for pcs.
CVE-2022-2735[0]:
| Obtaining an authentication token for hacluster user leads to
| privilege escalation
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2022-2735
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2735
[1] https://www.openwall.com/lists/oss-security/2022/09/01/4
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: pcs
Source-Version: 0.10.8-1+deb11u1
Done: Valentin Vidic <vvi...@debian.org>
We believe that the bug you reported is fixed in the latest version of
pcs, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1018...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Valentin Vidic <vvi...@debian.org> (supplier of updated pcs package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 04 Sep 2022 21:05:29 +0200
Source: pcs
Architecture: source
Version: 0.10.8-1+deb11u1
Distribution: bullseye-security
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintain...@lists.alioth.debian.org>
Changed-By: Valentin Vidic <vvi...@debian.org>
Closes: 1018930
Changes:
pcs (0.10.8-1+deb11u1) bullseye-security; urgency=high
.
* d/patches: add fixes for CVE-2022-1049 and CVE-2022-2735
(Closes: #1018930)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---