[Git][security-tracker-team/security-tracker][master] Add s3ql issue
Salvatore Bonaccorso
carnil at debian.org
Sun Jun 10 20:10:42 BST 2018
Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker
Commits:
6141f2c1 by Salvatore Bonaccorso at 2018-06-10T21:08:35+02:00
Add s3ql issue
There is no CVE yet, but one has been requested. It was proposed to
ingore the issue, but no confirmation from maintainer yet. The fix is
straightforward, but the fix needs a bump of the filesystem revision
number, making a filesystem created after the patch, not anymore
readable with unpatched s3ql versions.
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -1,3 +1,7 @@
+CVE-2018-XXXX [bug in checksumming function; prone to replay attacks]
+ - s3ql 2.27.1+dfsg-1
+ NOTE: https://groups.google.com/forum/#!topic/s3ql/4TzCVIMkA4o
+ NOTE: https://bitbucket.org/nikratio/s3ql/commits/85aba5c2d5c81453a73a50ed638adaeef0521020
CVE-2018-12087
RESERVED
CVE-2018-12086
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6141f2c14fad4d2377401ac96ba0d5b2ca57c1a0
--
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/6141f2c14fad4d2377401ac96ba0d5b2ca57c1a0
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20180610/e6bc3067/attachment.html>
More information about the debian-security-tracker-commits
mailing list