Salvatore Bonaccorso <car...@debian.org> writes:
> On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
>> Upstream discovered and fixed use of a static IV in encrypting backups:
>> "A fixed initialization vector (constant string) was used while encrypting
>> the data. This opened the encrypted stream/data to plaintext attacks among
>> others. Bug fixed #1185343."
>> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
>> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>> 
>> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
>
> Just a short note that a CVE was assigned now for this issue:
> CVE-2013-6394.

I'm actively working on packaging 2.1.6 and should have packages today/tomorrow.

-- 
Stewart Smith
