[debian-mysql] Bug#730544: static IV used in Percona XtraBackup

Salvatore Bonaccorso carnil at debian.org
Tue Nov 26 19:06:21 UTC 2013


Control: retitle -1 percona-xtrabackup: CVE-2013-6394: static IV used in Percona XtraBackup

Hi,

On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
> Package: percona-xtrabackup
> Severity: serious
> Tags: security fixed-upstream
> 
> Hi,
> 
> Upstream discovered and fixed use of a static IV in encrypting backups:
> "A fixed initialization vector (constant string) was used while encrypting
> the data. This opened the encrypted stream/data to plaintext attacks among
> others. Bug fixed #1185343."
> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
> 
> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?

Just a short note that a CVE was assigned now for this issue:
CVE-2013-6394.

Regards,
Salvatore
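
The effect of the constant IV described in the quoted release note, as an added example that is not part of this thread or of Percona's code. The thread does not say which cipher mode XtraBackup uses, so the HMAC-SHA256 counter-mode keystream, the key, the IV string and the two backup chunks are all constructed assumptions.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, iv: bytes, n: int) -> bytes:
    # Stand-in stream cipher (assumption, not XtraBackup's cipher):
    # HMAC-SHA256(key, iv || counter) used as a counter-mode keystream.
    out = b""
    counter = 0
    while len(out) < n:
        out += hmac.new(key, iv + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:n]

def encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # XOR with the keystream; the same call decrypts.
    return bytes(d ^ k for d, k in zip(data, keystream(key, iv, len(data))))

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def shared_prefix_len(a: bytes, b: bytes) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n

# Constructed sample data: two backup chunks that start with the same header.
HEADER = b"-- constructed backup page header --"
CHUNK_A = HEADER + b"row: alice,100"
CHUNK_B = HEADER + b"row: bob,2500"
KEY = bytes(range(32))            # constructed demo key
STATIC_IV = b"fixed-iv-string!"   # constructed constant IV (the pre-fix behaviour)

def compare(iv_a: bytes, iv_b: bytes):
    """Return (shared ciphertext prefix length, whether ct_a^ct_b == pt_a^pt_b)."""
    ct_a, ct_b = encrypt(KEY, iv_a, CHUNK_A), encrypt(KEY, iv_b, CHUNK_B)
    return shared_prefix_len(ct_a, ct_b), xor(ct_a, ct_b) == xor(CHUNK_A, CHUNK_B)

if __name__ == "__main__":
    print("static IV   :", compare(STATIC_IV, STATIC_IV))
    print("distinct IVs:", compare(os.urandom(16), os.urandom(16)))
```

With the constant IV the two ciphertexts agree for exactly as long as the plaintexts do, and the keystream cancels when they are XORed; with a distinct IV per chunk neither relation holds.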
