Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted corosync 3.1.9-2+deb13u1 (source) into proposed-updates
Date: Sun, 10 May 2026 16:32:05 +0000
Signed by: Ferenc Wágner <wferi@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 07 May 2026 22:36:24 +0200
Source: corosync
Architecture: source
Version: 3.1.9-2+deb13u1
Distribution: trixie-security
Urgency: high
Maintainer: Debian HA Maintainers <debian-ha-maintainers@lists.alioth.debian.org>
Changed-By: Ferenc Wágner <wferi@debian.org>
Closes: 1133837 1133838
Changes:
 corosync (3.1.9-2+deb13u1) trixie-security; urgency=high
 .
   * [128a6c1] New patch: totemsrp: Return error if sanity check fails.
     Fixes CVE-2026-35091. Thanks to Jan Friesse (Closes: #1133838)
   * [f46d7eb] New patch: totemsrp: Fix integer overflow in memb_join_sanity.
     Fixes CVE-2026-35092. Thanks to Jan Friesse (Closes: #1133837)
Checksums-Sha1:
 8c988428e51a41f9f3640ce02068c1478dedde1b 3527 corosync_3.1.9-2+deb13u1.dsc
 2ceb27fe91b45d64eabbfec59ae1937e71697296 1173752 corosync_3.1.9.orig.tar.gz
 75542a3860618304074d6834b864d57623248846 833 corosync_3.1.9.orig.tar.gz.asc
 37482e179d0e3191d804694e7f3ea01d2d04ab62 29240 corosync_3.1.9-2+deb13u1.debian.tar.xz
 4fc1340465ede7991afbdc96d1869a5c5936324f 17780 corosync_3.1.9-2+deb13u1_amd64.buildinfo
Checksums-Sha256:
 2548699634f9d6e00c0f891e511757a7b226372b9a91dbd1d6faecc6625ff31e 3527 corosync_3.1.9-2+deb13u1.dsc
 203354bbddee1a97b3c50a076eae89c635f406dd674ccaefc94bb9092acd9535 1173752 corosync_3.1.9.orig.tar.gz
 56ec7d4946a7cba06a5ba7d9010fa1dab96fb0473e617ca08bf9adcc461e8c0d 833 corosync_3.1.9.orig.tar.gz.asc
 4f71eae2bd36a2df04f0ed88703ae2e50f0e2c6ac329e6007947dbe732eafdaf 29240 corosync_3.1.9-2+deb13u1.debian.tar.xz
 9fd4c4fddda17003f9f76c040bd1c35258dc8a6a2771107a03163d2e9fe00413 17780 corosync_3.1.9-2+deb13u1_amd64.buildinfo
Files:
 7bcc6d7e5cf60380464479d145479628 3527 admin optional corosync_3.1.9-2+deb13u1.dsc
 4d2ec0131fbce1e30773903a19d3f064 1173752 admin optional corosync_3.1.9.orig.tar.gz
 e8b971df39b3c496d56ae723909e8710 833 admin optional corosync_3.1.9.orig.tar.gz.asc
 5beb85e191ff9f34a282dcd56fba985e 29240 admin optional corosync_3.1.9-2+deb13u1.debian.tar.xz
 9abffd059b4373fa88a6be88c909b190 17780 admin optional corosync_3.1.9-2+deb13u1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwddEx0RNIUL7eugtOsj3Fkd+2yMFAmn+Nh0ACgkQOsj3Fkd+
2yOixRAAkEWP6uZqCVUTROMb02zrRve5Wj6WeuXmhbaeJeVv0WaAjJNsVmBFXzEz
7/0zA4ajMcG2gX9emKmW0HuDc/SUf6kGUr5/IqbSu7uAbXRxE8K2vVfUtobIWVEU
/Bl9MgSknO3wXUSB/YBrWFR7GEjkl845Kv3MfEkd241L5HkVx7VQ0P2HmYgMqGyJ
Tw2P9Ku5viYQ+1J+jkLFK46zNxTtiAkFRo9e4oBPFSn5D+xvrsiNAuFxwTckhVbg
ky9+FQBMHT4tv1qUhSdG3DaHivfqEuIBKygD4ezs6Ycp7B02IDHTS7qljHNOaWdI
NLKOgI4c6Q/CyYhggH/qphBfk6li1yBS7bGv1l0aNIbGZRgI2HN0jTspZY6EaKEL
RYgumK+MnOrEx7Z3OLAcCsurYglP4lG5QQd8K7UesTpWrZJBL1NKtEvRHRQQkUTQ
WvRI36YjnQQWkg9/KikpTlfCbA7hie1x95gRV23haKjRWRwYTN1iYtx2bKvfMQCd
zkXawywUIgcRwOzsOHaWI+9UUdRGV2Jn4KF5ALQNmqmRZqEq+c80hSyD/tcb5Dwd
d1gv1VJtVA0llJjTl8JiuMA/lfmtg/8+rIMezdN86NAWJpZ+Qo33OR2Di3ySeblX
hlprEkPoIq2aXbRbEzjOypB7g8uZv0Y9qQIjfgX9hxxEPEf8XT0=
=EHYV
-----END PGP SIGNATURE-----
News for package corosync
