Source: storebackup
Version: 3.2.1-1
Severity: grave
Tags: security upstream

Hi,

The following vulnerability was published for storebackup.

CVE-2020-7040[0]:
| storeBackup: denial of service and symlink attack vector via fixed
| lockfile path /tmp/storeBackup.lock

The RC severity per se is a bit exaggerated for the issue, but given
the package is orphaned we should be careful on including the package
in bullseye.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-7040
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7040
[1] https://www.openwall.com/lists/oss-security/2020/01/20/3
[2] https://bugzilla.suse.com/show_bug.cgi?id=1156767

Regards,
Salvatore
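An added illustration of the issue class named in the CVE text, not code from storeBackup or from this report: a constructed weak lock routine on a predictable path, beside a hardened one that refuses shared directories and planted symlinks. The function names and the use of a per-user lock directory are assumptions; only the lock file name comes from the CVE description.

```python
import os
import stat

LOCK_NAME = "storeBackup.lock"  # file name from the CVE text; the directory is the caller's choice


def naive_lock(lock_dir):
    """Weak pattern (constructed): plain open() on a predictable path."""
    path = os.path.join(lock_dir, LOCK_NAME)
    with open(path, "w") as fh:  # follows a planted symlink and truncates its target
        fh.write(f"{os.getpid()}\n")
    return path


def check_private_dir(lock_dir):
    """Refuse directories other users can write to, such as /tmp."""
    st = os.lstat(lock_dir)
    if not stat.S_ISDIR(st.st_mode):
        raise NotADirectoryError(lock_dir)
    if st.st_uid != os.geteuid() or st.st_mode & 0o022:
        raise PermissionError(f"{lock_dir} is not private to this user")


def hardened_lock(lock_dir):
    """Atomically create the lock; return its fd, or None if it is already held."""
    check_private_dir(lock_dir)
    path = os.path.join(lock_dir, LOCK_NAME)
    # O_CREAT|O_EXCL fails if anything exists at the path, symlinks included.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW
    try:
        fd = os.open(path, flags, 0o600)
    except FileExistsError:
        if stat.S_ISLNK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} is a symlink, refusing to use it")
        return None
    os.write(fd, f"{os.getpid()}\n".encode())
    return fd


def release_lock(lock_dir, fd):
    """Close and remove the lock created by hardened_lock()."""
    os.close(fd)
    os.unlink(os.path.join(lock_dir, LOCK_NAME))
```

Keeping the lock in a directory only the backup user can write to addresses the denial-of-service half as well, since no other local user can pre-create the file.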

