[debian-mysql] Bug#730544: Bug#730544: Bug#730544: static IV used in Percona XtraBackup

Stewart Smith stewart.smith at percona.com
Wed Nov 27 05:55:12 UTC 2013


Stewart Smith <stewart.smith at percona.com> writes:

> Salvatore Bonaccorso <carnil at debian.org> writes:
>> On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
>>> Upstream discovered and fixed use of a static IV in encrypting backups:
>>> "A fixed initialization vector (constant string) was used while encrypting
>>> the data. This opened the encrypted stream/data to plaintext attacks among
>>> others. Bug fixed #1185343."
>>> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
>>> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>>> 
>>> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
>>
>> Just a short note that a CVE was assigned now for this issue:
>> CVE-2013-6394.
>
> I'm actively working on packaging 2.1.6 and should have packages
> today/tomorrow.

I've uploaded source packages (and amd64 binaries built with sbuild
locally) up to:
https://flamingspork.com/junk/percona-xtrabackup-2.1.6-debian/

I'd appreciate any review/sponsor for getting them in.

-- 
Stewart Smith