Accepted pacemaker 1.1.16-1+deb9u1 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 10 Nov 2020 20:17:46 +0100
Source: pacemaker
Binary: pacemaker-common pacemaker-resource-agents pacemaker pacemaker-cli-utils pacemaker-remote pacemaker-doc libcib4 libcib-dev libcrmcluster4 libcrmcluster-dev libcrmcommon3 libcrmcommon-dev libcrmservice3 libcrmservice-dev liblrmd1 liblrmd-dev libpe-rules2 libpe-status10 libpengine10 libpengine-dev libstonithd2 libstonithd-dev libtransitioner2
Architecture: source
Version: 1.1.16-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
libcib-dev - cluster resource manager CIB library development
libcib4 - cluster resource manager CIB library
libcrmcluster-dev - cluster resource manager cluster library development
libcrmcluster4 - cluster resource manager cluster library
libcrmcommon-dev - cluster resource manager common library development
libcrmcommon3 - cluster resource manager common library
libcrmservice-dev - cluster resource manager service library development
libcrmservice3 - cluster resource manager service library
liblrmd-dev - cluster resource manager LRMD library development
liblrmd1 - cluster resource manager LRMD library
libpe-rules2 - cluster resource manager Policy Engine rules library
libpe-status10 - cluster resource manager Policy Engine status library
libpengine-dev - cluster resource manager Policy Engine library development
libpengine10 - cluster resource manager Policy Engine library
libstonithd-dev - cluster resource manager STONITH daemon library development
libstonithd2 - cluster resource manager STONITH daemon library
libtransitioner2 - cluster resource manager transitioner library
pacemaker - cluster resource manager
pacemaker-cli-utils - cluster resource manager command line utilities
pacemaker-common - cluster resource manager common files
pacemaker-doc - cluster resource manager HTML documentation
pacemaker-remote - cluster resource manager proxy daemon for remote nodes
pacemaker-resource-agents - cluster resource manager general resource agents
Changes:
pacemaker (1.1.16-1+deb9u1) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS team.
* Fix CVE-2020-25654:
An ACL bypass flaw was found in pacemaker. An attacker having a local
account on the cluster and in the haclient group could use IPC
communication with various daemons directly to perform certain tasks that
they would be prevented by ACLs from doing if they went through the
configuration.
Checksums-Sha1:
56b793f0dfe8c15e5e91f53058faf766aa19e281 4129 pacemaker_1.1.16-1+deb9u1.dsc
55bfbf4fe493d882d0d8f7ca8bc7bd61da1e4f3e 4897772 pacemaker_1.1.16.orig.tar.gz
bfa0c883991267eb976fe97b2c6dc54844abd824 45804 pacemaker_1.1.16-1+deb9u1.debian.tar.xz
705af8c02f7f647dc535d52f92196d30d665336e 30255 pacemaker_1.1.16-1+deb9u1_amd64.buildinfo
Checksums-Sha256:
a5081ff6013506866f248f747e76e94c84cfe4248ea032cc800fb10103409609 4129 pacemaker_1.1.16-1+deb9u1.dsc
dffcae035975669a66ab545d45216a637496a251ee2114fa03d58acfcc969202 4897772 pacemaker_1.1.16.orig.tar.gz
a10d77313a69e2dccd050ab82d416c0b96a678e61a1df8516bb748067cc0d511 45804 pacemaker_1.1.16-1+deb9u1.debian.tar.xz
8933d9030111c5ed791a153e723fa23eba631d5c3ff064dcc09040524a5128e4 30255 pacemaker_1.1.16-1+deb9u1_amd64.buildinfo
Files:
331eaf1c88c49179e85b6cd6200bbe1e 4129 admin optional pacemaker_1.1.16-1+deb9u1.dsc
a3b9d075bc9114ff698966e57e50bb12 4897772 admin optional pacemaker_1.1.16.orig.tar.gz
0adbdcb93ec4296c696b13923590ed40 45804 admin optional pacemaker_1.1.16-1+deb9u1.debian.tar.xz
a75b28c6ffd8a1d9970b112e31e99671 30255 admin optional pacemaker_1.1.16-1+deb9u1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAl+seBNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk3jEP/0evOElnGqsOq5OMh+dcGMPN0p6p75Jfox+C
otoMrYD6JQnKeBahvihsdRLuZJ14oEHSAzVbwYWgUukODAMXPOmx+nDai1GRH0mE
8731AH/zyMpt0SDKkMc8hWGsfbRHuwXF8WVqpVRtyMqYrTPP95sROQHGxaVkRUGn
TiQ5XIXho/f6tImyb/oKl/3Z+AYxXVphpFz3AtTWkALrYuOcsN/gt3vATNA4lKX+
k5+d8a9tAV0aAYzsx5hisSpNIbXEbg+Kjbs2NJaiDfaQVDdpMixdRjolEBjld5u+
JCWLJE8khZjpB3y8Ou2tb+ZmUpt3vzXVVf3N0rTLqYLEzHM4R3vx1TZ1pn43rn9R
Ou7cv5YcF2rY6aE+b1yEs+udND1avOsj33PB8GLMmazzDqIwEd6OBMKCil7kdnr2
5X/4bFB4VU11gE6XTAS0QQqCKP7dL+MZx7/9JKalR6ahly8Q5VkCUKK+y2104L+l
qoS9sajnxppN/ESaek9LhHkA7LxXOdMRw+BK0UV1yF538tdk1effoiextsVyTs7U
nDPBcCJCzIuIWdUSJuVO0tSNoDTHMSPDJKNmUKvOD+qI1reXGY20njSBVN8q2x7J
LZaFmrdnDPIt4Ri5kSXp5kChN5VMVUJeP03pQ1OiGMjUoYGMlHjIh2/H3xuSJuhy
eWOVRRrA
=PHzG
-----END PGP SIGNATURE-----