group.of.nepali.translators team mailing list archive

Thread
Date
[Bug 1717666] Re: borgbackup: multiple security issues

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Launchpad Bug Tracker <1717666@xxxxxxxxxxxxxxxxxx>
Date: Tue, 05 Dec 2017 23:15:51 -0000
Reply-to: Bug 1717666 <1717666@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
This bug was fixed in the package borgbackup - 1.0.11-0ubuntu1.16.04.2

---------------
borgbackup (1.0.11-0ubuntu1.16.04.2) xenial; urgency=medium

  * New upstream release, fixing security issues (LP: #1717666).
    - revert full hardening, cython in xenial is not really ready
    - use compat level 9

borgbackup (1.0.11-4) unstable; urgency=medium

  * Switch priority to optional, extra is deprecated in new policy document.
  * Update std-version to 4.1.0
  * Drop msgpack strict dependency, already satisfied in jessie-bpo+
  * Enable full hardening

borgbackup (1.0.11-3) unstable; urgency=medium

  * Forcing utf-8 only in test target

borgbackup (1.0.11-2) unstable; urgency=medium

  * Try to force UTF-8 to fix build failures.

borgbackup (1.0.11-1) unstable; urgency=medium

  * New upstream release.
  * Bump compat level to 10
  * Bump std-version to 4.0.0
  * Refresh patches

borgbackup (1.0.10-3) unstable; urgency=medium

  * Upload to unstable.

borgbackup (1.0.10-2) experimental; urgency=medium

  * Add fuse dependency (Closes: #855812)
    - thanks Magnus Nord for the bug report!

borgbackup (1.0.10-1) experimental; urgency=medium

  * New upstream release
  * Drop the typo patch, upstreamed.

borgbackup (1.0.9-1) unstable; urgency=high

  * New upstream release (Closes: #848939).
    - security issues fixed
  * Drop the two upstream cherry-picks

borgbackup (1.0.8-4) unstable; urgency=medium

  * d/p/1843.patch
    - fix testsuite errors with older environments

borgbackup (1.0.8-3) unstable; urgency=medium

  [ Gianfranco Costamagna ]
  * debian/patches/9e760a69a29f7ebc055c4adf6f81b0a4de6aba52.patch:
    - cherry-pick upstream patch for testsuite failure
  * Fix msgpack version for backports.

borgbackup (1.0.8-2) unstable; urgency=medium

  [ Matteo Cypriani ]
  * Rework description to avoid attic references, because
    it has been removed from Debian (Closes: #844764)

borgbackup (1.0.8-1) unstable; urgency=medium

  [ Gianfranco Costamagna ]
  * Move the llfuse dependency to a real one
    (cfr upstream issue 1726)

  [ Danny Edel ]
  * New upstream release
    * refresh patches
    * d/rules: compile cython in-place for dh_auto_test

 -- Gianfranco Costamagna <locutusofborg@xxxxxxxxxx>  Sat, 16 Sep 2017
12:35:10 +0200

** Changed in: borgbackup (Ubuntu Xenial)
       Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1717666

Title:
  borgbackup: multiple security issues

Status in borgbackup package in Ubuntu:
  Fix Released
Status in borgbackup source package in Xenial:
  Fix Released
Status in borgbackup source package in Zesty:
  Fix Released

Bug description:
  [Impact]
  * Security issues before borg 1.0.9
  CVE-2016-10100
  CVE-2016-10099

  [Test Case]
  * such CVEs might lead to archive overwrite, and a backup loss.

  [Regression Potential]
   * None, we have a testsuite to catch such issues.

  This release has been in debian testing and artful since a month or two, and no regressions have been found.
  1.0.x branches are just for bug-fixes, and the testsuite is run during build and autopkgtesting.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1717666/+subscriptions