[SRU] security issues on borgbackup
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
borgbackup (Ubuntu) | Fix Released | Undecided | Unassigned | |
Xenial | Fix Released | Undecided | Unassigned | |
Yakkety | Fix Released | Undecided | Unassigned | |

Bug Description
[Impact]
* There are some fixes in repo corruption before 1.0.7
* There are some security issues before 1.0.7
[Test Case]
* as explained here, upstream is asking to SRU borgbackup because of the fixes below
https:/
https:/
* use restrict-to-path flag and see it not restricted
# if --restrict-to-path P is given, we make sure that we only operate in/below path P.
# for the prefix check, it is important that the compared pathes both have trailing slashes,
# so that a path /foobar will NOT be accepted with --restrict-to-path /foo option.
[Regression Potential]
* None, we have a testsuite to catch such issues.
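
The trailing-slash point in the quoted source comment, shown as an added example (not borg's code and not part of the original report): a bare prefix check next to one that appends a separator to both sides before comparing. The function names and sample paths are constructed for illustration, and canonicalising with `os.path.realpath` is an assumption of this sketch.

```python
import os

def naive_is_allowed(path, restrict_to):
    """Bare prefix check: no trailing separator on either side."""
    return os.path.realpath(path).startswith(os.path.realpath(restrict_to))

def with_trailing_slash(path):
    """Canonicalise the path and make it end with exactly one separator."""
    return os.path.join(os.path.realpath(path), "")

def is_allowed(path, restrict_to):
    """Prefix check where both compared paths carry a trailing separator."""
    return with_trailing_slash(path).startswith(with_trailing_slash(restrict_to))

# Constructed sample input: one restriction root and candidate repository paths.
RESTRICT_TO = "/srv/backups/alice"
CANDIDATES = [
    "/srv/backups/alice",              # the root itself
    "/srv/backups/alice/repo1",        # below the root
    "/srv/backups/alice2/repo",        # sibling sharing the string prefix
    "/srv/backups/alice/../bob/repo",  # leaves the root after canonicalisation
    "/srv/backups/bob",                # unrelated
]

def compare(restrict_to=RESTRICT_TO, candidates=CANDIDATES):
    """Return (path, naive_result, slash_result) for every candidate."""
    return [(p, naive_is_allowed(p, restrict_to), is_allowed(p, restrict_to))
            for p in candidates]

if __name__ == "__main__":
    for path, naive, fixed in compare():
        note = "  <-- results differ" if naive != fixed else ""
        print(f"{path:34} naive={naive!s:5} slash={fixed!s:5}{note}")
```

Only the sibling directory that shares the string prefix is treated differently by the two checks, which is the `/foobar` versus `/foo` case the comment describes.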
summary: security issues on borgbackup → [SRU] security issues on borgbackup
description: updated
information type: Public → Public Security
I asked upstream to provide a CVE, the work seems ongoing :)