This bug was fixed in the package borgbackup - 1.0.7-0ubuntu1.16.04.1 --------------- borgbackup (1.0.7-0ubuntu1.16.04.1) xenial; urgency=high
* New upstream release, fixing security issues (LP: #1615380). -- Gianfranco Costamagna <[email protected]> Fri, 19 Aug 2016 21:52:22 +0200 ** Changed in: borgbackup (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of नेपाली भाषा समायोजकहरुको समूह, which is subscribed to Xenial. Matching subscriptions: Ubuntu 16.04 Bugs https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup Status in borgbackup package in Ubuntu: Fix Released Status in borgbackup source package in Xenial: Fix Released Status in borgbackup source package in Yakkety: Fix Released Bug description: [Impact] * There are some fixes in repo corruption before 1.0.7 * There are some security issues before 1.0.7 [Test Case] * as explained here, upstream is asking to SRU borgbackup because of the fixes below https://github.com/borgbackup/borg/compare/28cbf2481564%5E...f32c8858ad3f https://github.com/borgbackup/borg/commit/dde18d6a7660837ce7b4f30d31960bdc74252570 * use restrict-to-patch flag and see it not restricted # if --restrict-to-path P is given, we make sure that we only operate in/below path P. # for the prefix check, it is important that the compared pathes both have trailing slashes, # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option. [Regression Potential] * None, we have a testsuite to catch such issues. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions _______________________________________________ Mailing list: https://launchpad.net/~group.of.nepali.translators Post to : [email protected] Unsubscribe : https://launchpad.net/~group.of.nepali.translators More help : https://help.launchpad.net/ListHelp
