[ClusterLabs] Corosync 2.4.4 is available at corosync.org!

Ferenc Wágner wferi at niif.hu
Thu Apr 12 21:10:30 UTC 2018


Jan Pokorný <jpokorny at redhat.com> writes:

> On 12/04/18 14:33 +0200, Jan Friesse wrote:
>
>> This release contains a lot of fixes, including fix for
>> CVE-2018-1084.
>
> Security related updates would preferably provide more context

Absolutely, thanks for providing that!  Looking at the git log, I wonder
if c139255 (totemsrp: Implement sanity checks of received msgs) has
direct security relevance as well.  Should I include that too in the
Debian security update?  Debian stable has 2.4.2, so I'm cherry picking
into that version.
-- 
Thanks,
Feri


More information about the Users mailing list