[pkg-bacula-devel] Update tracker for CVE-2007-5626
Moritz Mühlenhoff
jmm at inutil.org
Wed Jun 1 10:21:00 UTC 2016
On Wed, Jun 01, 2016 at 11:47:01AM +0200, Carsten Leonhardt wrote:
> Hi,
>
> CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the
> tracker.
>
> Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use
> of which is not prone to the security issues that "make_catalog_backup"
> had.
>
> See excerpts from Upstream changelog:
>
> > Release Version 5.0.0
> > 20Jan10
> > - Use make_catalog_backup.pl by default
> > 06Jan10
> > - Add make_catalog_backup.pl script that uses env variables and disk file to
> > pass database password for backup
>
> Additionally, there have always been warnings about the usage of
> make_catalog_backup, as can be seen in the corresponding bug, especially
> the last two messages:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54
>
> Could you fix the tracker to display this as "fixed"?

Thanks, I've updated the tracker.

Cheers,
Moritz