[debian-mysql] Bug#730544: static IV used in Percona XtraBackup
Thijs Kinkhorst
thijs at debian.org
Tue Nov 26 11:24:34 UTC 2013
Package: percona-xtrabackup
Severity: serious
Tags: security fixed-upstream
Hi,
Upstream discovered and fixed use of a static IV in encrypting backups:
"A fixed initialization vector (constant string) was used while encrypting
the data. This opened the encrypted stream/data to plaintext attacks among
others. Bug fixed #1185343."
http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
Cheers,
Thijs
More information about the pkg-mysql-maint
mailing list