Debian Csync2 vulnerabilities

CVE-2019-15522 [CRITICAL] CVE-2019-15522: csync2 - An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in da... An issue was discovered in LINBIT csync2 through 2.0. csync_daemon_session in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL. Scope: local bookworm: resolved (fixed in 2.0-25-gc0faaf9-1) bullseye: resolved (fixed in 2.0-25-gc0faaf9-1) forky: resolved (fixed in 2.0-25-gc0faaf9-1) sid: resolved (fixed in 2.0-25-gc

CVE-2019-15523 [MEDIUM] CVE-2019-15523: csync2 - An issue was discovered in LINBIT csync2 through 2.0. It does not correctly chec... An issue was discovered in LINBIT csync2 through 2.0. It does not correctly check for the return value GNUTLS_E_WARNING_ALERT_RECEIVED of the gnutls_handshake() function. It neglects to call this function again, as required by the design of the API. Scope: local bookworm: resolved (fixed in 2.0-25-gc0faaf9-1) bullseye: resolved (fixed in 2.0-25-gc0faaf9-1) forky: r