It was discovered that an update for PCS package in RHBA-2023:2151 erratum released as part of Red Hat Enterprise Linux 9.2 failed to include the fix for the Webpack issue CVE-2023-28154 (for PCS package), which was previously addressed in Red Hat Enterprise Linux 9.1 via erratum RHSA-2023:1591. The CVE-2023-2319 was assigned to that Red Hat specific security regression in Red Hat Enterprise Linux 9.2.
[
{
"vendor": "n/a",
"product": "pcs",
"versions": [
{
"version": "Affects pcs v0.11.4-6.el9, Fixed in pcs v0.11.4-7.el9_2",
"status": "affected"
}
]
}
]