On Wed, Sep 14, 2022 at 06:46:47PM +0200, Sylvain Beucler wrote: > Hello Valentin, > > Thank you for claiming 'pcs' in dla-needed.txt and uploading a fixed > version. > > LTS uploads follow a procedure which notably involves reserving a DLA in the > security tracker and sending announcements to the mailing list and website, > see: > https://lts-team.pages.debian.net/wiki/LTS-Development.html > > Note that uploads are not validated (provided you're DD) and are immediately > available to the end users. > > I can handle this administrative part of the upload (announcement text would > be appreciated), but first I'm coordinating with you: do you have further > work to do, are you waiting for us to check/review something?
Hi and sorry about that. I was planning to follow the DLA procedure but ran out of time lately. The description from stable can probably be reused here: A security issue was discovered in pcs, a corosync and pacemaker configuration tool: * CVE-2022-1049 It was discovered that expired accounts were still able to login via PAM. For Debian 10 "Buster", the problem has been fixed in version 0.10.1-2+deb10u1. Let me know if you will send this out or I should give it a try? -- Valentin
