group.of.nepali.translators team mailing list archive
-
group.of.nepali.translators team
-
Mailing list archive
-
Message #19742
[Bug 1717666] Re: borgbackup: multiple security issues
This bug was fixed in the package borgbackup - 1.0.11-0ubuntu1.17.04.2
---------------
borgbackup (1.0.11-0ubuntu1.17.04.2) zesty; urgency=medium
* New upstream release, fixing security issues (LP: #1717666).
- revert full hardening, cython in xenial is not really ready
borgbackup (1.0.11-4) unstable; urgency=medium
* Switch priority to optional, extra is deprecated in new policy document.
* Update std-version to 4.1.0
* Drop msgpack strict dependency, already satisfied in jessie-bpo+
* Enable full hardening
borgbackup (1.0.11-3) unstable; urgency=medium
* Forcing utf-8 only in test target
borgbackup (1.0.11-2) unstable; urgency=medium
* Try to force UTF-8 to fix build failures.
borgbackup (1.0.11-1) unstable; urgency=medium
* New upstream release.
* Bump compat level to 10
* Bump std-version to 4.0.0
* Refresh patches
borgbackup (1.0.10-3) unstable; urgency=medium
* Upload to unstable.
borgbackup (1.0.10-2) experimental; urgency=medium
* Add fuse dependency (Closes: #855812)
- thanks Magnus Nord for the bug report!
borgbackup (1.0.10-1) experimental; urgency=medium
* New upstream release
* Drop the typo patch, upstreamed.
borgbackup (1.0.9-1) unstable; urgency=high
* New upstream release (Closes: #848939).
- security issues fixed
* Drop the two upstream cherry-picks
borgbackup (1.0.8-4) unstable; urgency=medium
* d/p/1843.patch
- fix testsuite errors with older environments
borgbackup (1.0.8-3) unstable; urgency=medium
[ Gianfranco Costamagna ]
* debian/patches/9e760a69a29f7ebc055c4adf6f81b0a4de6aba52.patch:
- cherry-pick upstream patch for testsuite failure
* Fix msgpack version for backports.
borgbackup (1.0.8-2) unstable; urgency=medium
[ Matteo Cypriani ]
* Rework description to avoid attic references, because
it has been removed from Debian (Closes: #844764)
borgbackup (1.0.8-1) unstable; urgency=medium
[ Gianfranco Costamagna ]
* Move the llfuse dependency to a real one
(cfr upstream issue 1726)
[ Danny Edel ]
* New upstream release
* refresh patches
* d/rules: compile cython in-place for dh_auto_test
-- Gianfranco Costamagna <locutusofborg@xxxxxxxxxx> Sat, 16 Sep 2017
12:35:10 +0200
** Changed in: borgbackup (Ubuntu Zesty)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1717666
Title:
borgbackup: multiple security issues
Status in borgbackup package in Ubuntu:
Fix Released
Status in borgbackup source package in Xenial:
Fix Released
Status in borgbackup source package in Zesty:
Fix Released
Bug description:
[Impact]
* Security issues before borg 1.0.9
CVE-2016-10100
CVE-2016-10099
[Test Case]
* such CVEs might lead to archive overwrite, and a backup loss.
[Regression Potential]
* None, we have a testsuite to catch such issues.
This release has been in debian testing and artful since a month or two, and no regressions have been found.
1.0.x branches are just for bug-fixes, and the testsuite is run during build and autopkgtesting.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1717666/+subscriptions