group.of.nepali.translators team mailing list archive

[Launchpad Bug Tracker <1615380@xxxxxxxxxxxxxxxxxx>]

This bug was fixed in the package borgbackup - 1.0.7-0ubuntu1.16.04.1

---------------
borgbackup (1.0.7-0ubuntu1.16.04.1) xenial; urgency=high

  * New upstream release, fixing security issues (LP: #1615380).

 -- Gianfranco Costamagna <locutusofborg@xxxxxxxxxx>  Fri, 19 Aug 2016
21:52:22 +0200

** Changed in: borgbackup (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1615380

Title:
  [SRU] security issues on borgbackup

Status in borgbackup package in Ubuntu:
  Fix Released
Status in borgbackup source package in Xenial:
  Fix Released
Status in borgbackup source package in Yakkety:
  Fix Released

Bug description:
  [Impact]

   * There are some fixes in repo corruption before 1.0.7
   * There are some security issues before 1.0.7

  [Test Case]

   * as explained here, upstream is asking to SRU borgbackup because of the fixes below
  https://github.com/borgbackup/borg/compare/28cbf2481564%5E...f32c8858ad3f
  https://github.com/borgbackup/borg/commit/dde18d6a7660837ce7b4f30d31960bdc74252570
   * use restrict-to-patch flag and see it not restricted

  # if --restrict-to-path P is given, we make sure that we only operate in/below path P.
  # for the prefix check, it is important that the compared pathes both have trailing slashes,
  # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option.

  [Regression Potential]

   * None, we have a testsuite to catch such issues.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions