Debian Patches

Status for corosync/3.1.7-1+deb12u2

Patch: Fix-various-typos-in-ChangeLog.patch
Description: Fix various typos in ChangeLog
    This file isn't present in the upstream VCS, but generated from the Git
    commit messages during the release process. Thus fixing typos in it
    isn't upstreamable.
Author: Ferenc Wágner <wferi@niif.hu>
Forwarded: no
Last update: 2016-08-29

Patch: Enable-PrivateTmp-in-the-systemd-service-files.patch
Description: Enable PrivateTmp in the systemd service files
Author: Ferenc Wágner <wferi@debian.org>
Forwarded: no
Last update: 2018-12-10

Patch: Make-the-example-config-valid.patch
Description: Make the example config valid
Author: Ferenc Wágner <wferi@debian.org>
Forwarded: no
Last update: 2018-12-16

Patch: Revert-logrotate-Use-copytruncate-method-by-default.patch
Description: Revert "logrotate: Use copytruncate method by default"
    This reverts commit 04362046c4a9d7307feb5b68341d567b7d0b94d6.

    The copytruncate documentation says that it should not be used to avoid
    losing logging data. The drawbacks mentioned in the reverted commit are
    not relevant, because they involve hiding problems which should be fixed
    at their respective origins instead.
Author: Ferenc Wágner <ferenc.wagner@balabit.com>
Forwarded: no
Last update: 2023-01-15

Patch: CVE-2025-30472.patch
Description: totemsrp: Check size of orf_token msg
    orf_token message is stored into preallocated array on endian convert
    so carefully crafted malicious message can lead to crash of corosync.

    Solution is to check message size beforehand.
Author: Jan Friesse <jfriesse@redhat.com>
Forwarded: no
Last update: 2025-03-24

Patch: totemsrp-Return-error-if-sanity-check-fails.patch
Description: totemsrp: Return error if sanity check fails
    Previously, the check_memb_commit_token_sanity function correctly
    checked the minimum message length. However, if the message was too
    short, it incorrectly returned a success code (0) instead of the
    expected failure code (-1).

    This commit ensures the appropriate error code is returned when the
    message length sanity check fails.
Author: Jan Friesse <jfriesse@redhat.com>
Forwarded: no
Last update: 2026-04-02

Patch: totemsrp-Fix-integer-overflow-in-memb_join_sanity.patch
Description: totemsrp: Fix integer overflow in memb_join_sanity
    This commit addresses an integer overflow (wraparound) vulnerability
    in the check_memb_join_sanity function.

    Previously, the 32-bit unsigned network values proc_list_entries and
    failed_list_entries were added together before being promoted to
    size_t. This allowed the addition to wrap around in 32-bit arithmetic
    (e.g., 0x80000000 + 0x80000000 = 0), resulting in a required_len
    calculation that was incorrectly small.

    The solution is to cast the list entries to size_t and verify that
    neither exceeds the maximum allowed value before the addition occurs.
Author: Jan Friesse <jfriesse@redhat.com>
Forwarded: no
Last update: 2026-04-02
