corosync (3.1.9-2) [PTS] [DDPO]

OK: VCS matches the version in the archive

Git: https://salsa.debian.org/ha-team/corosync.git
JSON
Enter a full Vcs-* header, supported schemes are: Vcs-Bzr, Vcs-Cvs, Vcs-Darcs, Vcs-Git, Vcs-Hg, Vcs-Mtn, Vcs-Svn.
For Vcs-Git append -b branch to select the branch name; append [subdir] if the debian/ directory is not in the repository root.
The next upload will reset the information from the source package headers.
Branch: debian/master
Path: debian/changelog
Repo size: 16760832
Browser: https://salsa.debian.org/ha-team/corosync
Last scan: 2025-10-13 08:14:03+00
Next scan: 2025-10-18 11:32:00+00
CI pipeline status: success

Debian changelog in Git:

corosync (3.1.9-2) unstable; urgency=medium

  * [d29071e] New patch: totemsrp: Check size of orf_token msg.
    Cherry-picked security fix for CVE-2025-30472, upstream commit
    7839990f9cdf34e55435ed90109e82709032466a.
    Corosync through 3.1.9, if encryption is disabled or the attacker knows
    the encryption key, has a stack-based buffer overflow in
    orf_token_endian_convert in exec/totemsrp.c via a large UDP packet.
    Thanks to Jan Friesse (Closes: #1102006)

 -- Ferenc Wágner <wferi@debian.org>  Sat, 21 Jun 2025 11:54:36 +0200

This branch is even with tag debian/3.1.9-2