Salvatore Bonaccorso <car...@debian.org> writes:
> On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
>> Upstream discovered and fixed use of a static IV in encrypting backups:
>> "A fixed initialization vector (constant string) was used while encrypting
>> the data. This opened the encrypted stream/data to plaintext attacks among
>> others. Bug fixed #1185343."
>> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
>> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>> 
>> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
>
> Jus a short note that a CVE was asigned now for this issue:
> CVE-2013-6394.

I'm actively working on packaging 2.1.6 and should have packages today/tomorrow.

-- 
Stewart Smith

Attachment: pgpABo4dVDSFN.pgp
Description: PGP signature

Reply via email to