[debian-mysql] Bug#730544: Bug#730544: static IV used in Percona XtraBackup
Stewart Smith
stewart.smith at percona.com
Wed Nov 27 03:32:34 UTC 2013
Salvatore Bonaccorso <carnil at debian.org> writes:
> On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
>> Upstream discovered and fixed use of a static IV in encrypting backups:
>> "A fixed initialization vector (constant string) was used while encrypting
>> the data. This opened the encrypted stream/data to plaintext attacks among
>> others. Bug fixed #1185343."
>> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
>> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>>
>> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
>
> Jus a short note that a CVE was asigned now for this issue:
> CVE-2013-6394.
I'm actively working on packaging 2.1.6 and should have packages today/tomorrow.
--
Stewart Smith
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-mysql-maint/attachments/20131127/fa0e0146/attachment.sig>
More information about the pkg-mysql-maint
mailing list