On Sat, Feb 16, 2019 at 10:35:05PM +0500, Andrey Rahmatullin wrote:
> On Sat, Feb 16, 2019 at 12:33:08PM +0000, Debian Bug Tracking System wrote:
> > Processing commands for cont...@bugs.debian.org:
> >
> > > severity 776246 grave
> > Bug #776246 [librsync1] MD4 collision/preimage attacks (CVE-2014-8242)
> > Severity set to 'grave' from 'important'
> > > thanks
> > Stopping processing here.
> >
> > Please contact me if you need assistance.
> Fixing this requires a transition and removing or patching rdiff-backup so
>
> Checking reverse dependencies...
> # Broken Depends:
> burp: burp [amd64 arm64 armel armhf i386 kfreebsd-amd64 kfreebsd-i386 mips
> mips64el mipsel ppc64el s390x]
> csync2: csync2
> duplicity: duplicity
> rdiff-backup: rdiff-backup
>
> # Broken Build-Depends:
> burp: librsync-dev
> csync2: librsync-dev
> duplicity: librsync-dev (>= 0.9.6)
> rdiff
> rdiff-backup: librsync-dev
>
>
> Unfortunately I was too demotivated by the initial state of new librsync
> (1.0+) and the API breakage affecting rdiff-backup to proceed with this
> during the release cycle.
If a transition (even though it's marginal in size) isn't an option at this
point I'm fine with ignoring this for buster again, but this by all means
fixed soon after.
Cheers,
Moritz
