News and announcements

Back in Time release 1.1.24

Written for Back In Time by Germar on 2017-11-07

Fix a critical bug which allow shell injection

EDIT: This issue has been assigned CVE-2017-16667

Changelog:
* fix critical bug: shell injection in notify-send (https://github.com/bit-team/backintime/issues/834)

Updated on 2017-11-08.

Back in Time release 1.1.22

Written for Back In Time by Germar on 2017-10-28

Fix some minor bugs and backport from 1.2.0

Changelog:- fix bug: stat free space for snapshot folder instead of backintime folder (https://github.com/bit-team/backintime/issues/733)
- backport bug fix: backintime root crontab doesn't run; missinng line-feed 0x0A on last line (https://github.com/bit-team/backintime/issues/781)
- backport bug fix: can't open files with spaces in name (https://github.com/bit-team/backintime/issues/552)

Back in Time release 1.1.20 (fixes a critical bug)

Written for Back In Time by Germar on 2017-04-09

This release fixes a critical bug which could be used to escalate permissions. @mgerstner identified a race condition in Polkit CheckAuthorization. It was reported as CVE-2017-7572 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7572)

Changelog:
* backport bug fix: polkit CheckAuthorization: race condition in privilege authorization (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7572)

Back in Time release 1.1.16

Written for Back In Time by Germar on 2017-03-28

This is a bug-fix release for Back in Time. I pushed the last release a bit overhasty which broke automatic snapshots. Sorry

Changelog:
* backport bug fix: start a new ssh-agent instance only if necessary (https://github.com/bit-team/backintime/issues/722)
* Fix bug: OSError when running backup-job from systemd (https://github.com/bit-team/backintime/issues/720)

Back in Time release 1.1.14

Written for Back In Time by Germar on 2017-03-06

This is a bug fix release fixing a critical bug which could make a system unboot-able if restoring filesystem-root as root without 'Full rsync mode' and with ACL and/or xattr activated. It would make '/' only read-able by root. No other user would be able to read from the whole filesystem.

Couple other bug fixes have been backported from 1.2. series, too.

Changelog:
- backport bug fix: udev schedule not working (https://github.com/bit-team/backintime/issues/605)
- backport bug fix: Keyring doesn't work with KDE Plasma5 (https://github.com/bit-team/backintime/issues/545)
- backport bug fix: nameError in tools.make_dirs (https://github.com/bit-team/backintime/issues/622)
- backport bug fix: use current folder if no file is selected in files view
- Fix critical bug: restore filesystem-root without 'Full rsync mode' with ACL and/or xargs activated broke whole system (https://github.com/bit-team/backintime/issues/708)

15 of 10 results