Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted corosync 3.1.7-1+deb12u2 (source) into oldstable-security
Date: Sun, 10 May 2026 11:17:23 +0000
Signed by: Ferenc Wágner <wferi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 May 2026 23:24:43 +0200
Source: corosync
Architecture: source
Version: 3.1.7-1+deb12u2
Distribution: bookworm-security
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 1133837 1133838
Changes:
 corosync (3.1.7-1+deb12u2) bookworm-security; urgency=high
 .
   * [809a6e8] New patch: totemsrp: Return error if sanity check fails.
     Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838)
   * [70d459c] New patch: totemsrp: Fix integer overflow in memb_join_sanity.
     Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837)
Checksums-Sha1:
 3c609a8367cdd24b5160826481ca2ef3075dfece 3530 corosync_3.1.7-1+deb12u2.dsc
 1630181bcac161c6136c79979d1fa4a11356b5a3 1126053 corosync_3.1.7.orig.tar.gz
 701c40a51c13d404b89bca53f637e34880761631 801 corosync_3.1.7.orig.tar.gz.asc
 c76048a6da55e69c976396a8331db0f9d62d6106 28620 corosync_3.1.7-1+deb12u2.debian.tar.xz
 72d316d7deb3ec6ca9625ce2c6aad56d2e4d784d 18240 corosync_3.1.7-1+deb12u2_amd64.buildinfo
Checksums-Sha256:
 3bd019b08d3f96ecbf70991e0e386448176ae0b7b7b0599484a77c26a3a7489a 3530 corosync_3.1.7-1+deb12u2.dsc
 e6556b3a385965f21330b9383dcd1790f28a4f79e093982b40ea2ec23e0a29fa 1126053 corosync_3.1.7.orig.tar.gz
 8b2b4bbcb8af17ed01c99a5f922d0630b0044850c99937a74d2afe81f8a33176 801 corosync_3.1.7.orig.tar.gz.asc
 b863c9ca4b5e356875003382dc9a5623bb3bd02625cbead29bf7616acde984e6 28620 corosync_3.1.7-1+deb12u2.debian.tar.xz
 e938d2730a3da87aaa3d283b18ccd24eb4241bc360170d29f090cb6291ae09f0 18240 corosync_3.1.7-1+deb12u2_amd64.buildinfo
Files:
 c5b1fc9485bac8eed70dcf83f3341d2a 3530 admin optional corosync_3.1.7-1+deb12u2.dsc
 83652b5ed1feecc80eac2ac9c3a2771e 1126053 admin optional corosync_3.1.7.orig.tar.gz
 d521f74cb8b97c6a8face1f4d5b7373d 801 admin optional corosync_3.1.7.orig.tar.gz.asc
 d4beaa2d5cccb95c15e5d0ab1bfc126a 28620 admin optional corosync_3.1.7-1+deb12u2.debian.tar.xz
 5795462d31d3d107931f6d9b3400b473 18240 admin optional corosync_3.1.7-1+deb12u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmn+NMgACgkQOsj3Fkd+
2yN4vxAAgiu8aNY85V4NrNrPTNn9QZRTPVGwg7YPhTCZC//OUDGsmweijlk/hFgW
wXk2F1B+Vebs+v/oi7vmO/mSa+srqrfPzwA7kO2xZD+HjDpmEIuZ81gM0K3E6zAV
wccACZi7ua4xYdyG4pjvHxdYFkQFfQG2H54AltIiPYwtKnsDIUU1GFG2ijQCPe5k
XlWDmVg4glj4Q8Kx2on2FYQvPifzYx/HId8aOTBQVDO1Auq/9NoMtWkNb5Zv3oQf
pbKPEVVBDJ7GnXIdX+m+wmHsYz6R6NId64l4fqeGMVMB28Oc1MrztpL04bsxOAg7
LWrcQPzn6gqh67a1IthNsiXdJpPcOhnuurUuZHQY0i/jTwPYFg9C5q04nhC0GSz3
CIDaIQak10zHutHBVJZKNfZDfacybPK+habR5KgbHEBnGQUE3ijumdEK9eoUiFFU
/PHswG41fFCKKSJafUmWl8MNSNkwR+xXNh/P5FJn/jwP6JBytDfeAAU4OjqbijsK
rBn0MU096Ed8pKINL2MQq4IgkH0NoK3g5DP+StpoeBa6PzeTp+Aw6pU0wCNVoZSZ
JB+5SXgaNUqxVUn7C6Gwo4I2piJuD3cM2wAmMGXf7nI6r0zCzWvH09cAfQgDvzJR
E5XFlV9Re9oUEPdDFhmW6sh2ZgtngquJgcbjj8CygIoAkqz6wM4=
=HE+v
-----END PGP SIGNATURE-----
News for package corosync
