News and announcements

Back in Time release 1.1.24

Written for Back In Time by Germar on 2017-11-07

Fix a critical bug which allow shell injection

EDIT: This issue has been assigned CVE-2017-16667

Changelog:
* fix critical bug: shell injection in notify-send (https://github.com/bit-team/backintime/issues/834)

Updated on 2017-11-08.

Back in Time release 1.1.22

Written for Back In Time by Germar on 2017-10-28

Fix some minor bugs and backport from 1.2.0

Changelog:- fix bug: stat free space for snapshot folder instead of backintime folder (https://github.com/bit-team/backintime/issues/733)
- backport bug fix: backintime root crontab doesn't run; missinng line-feed 0x0A on last line (https://github.com/bit-team/backintime/issues/781)
- backport bug fix: can't open files with spaces in name (https://github.com/bit-team/backintime/issues/552)

Back in Time release 1.1.20 (fixes a critical bug)

Written for Back In Time by Germar on 2017-04-09

This release fixes a critical bug which could be used to escalate permissions. @mgerstner identified a race condition in Polkit CheckAuthorization. It was reported as CVE-2017-7572 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7572)

Changelog:
* backport bug fix: polkit CheckAuthorization: race condition in privilege authorization (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7572)

Back in Time release 1.1.16

Written for Back In Time by Germar on 2017-03-28

This is a bug-fix release for Back in Time. I pushed the last release a bit overhasty which broke automatic snapshots. Sorry

Changelog:
* backport bug fix: start a new ssh-agent instance only if necessary (https://github.com/bit-team/backintime/issues/722)
* Fix bug: OSError when running backup-job from systemd (https://github.com/bit-team/backintime/issues/720)