Public bug reported:
[Impact]
* Security issues before borg 1.0.9
CVE-2016-10100
CVE-2016-10099
[Test Case]
* such CVEs might lead to archive overwrite, and a backup loss.
[Regression Potential]
* None, we have a testsuite to catch such issues.
This release has been in debian testing and artful since a month or two, and no
regressions have been found.
1.0.x branches are just for bug-fixes, and the testsuite is run during build
and autopkgtesting.
** Affects: borgbackup (Ubuntu)
Importance: Undecided
Status: New
** Affects: borgbackup (Ubuntu Xenial)
Importance: Undecided
Status: New
** Affects: borgbackup (Ubuntu Zesty)
Importance: Undecided
Status: New
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10100
** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2016-10099
** Also affects: borgbackup (Ubuntu Zesty)
Importance: Undecided
Status: New
** Also affects: borgbackup (Ubuntu Xenial)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1717666
Title:
borgbackup: multiple security issues
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1717666/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
