Stewart Smith <stewart.sm...@percona.com> writes:
> Salvatore Bonaccorso <car...@debian.org> writes:
>> On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote:
>>> Upstream discovered and fixed use of a static IV in encrypting backups:
>>> "A fixed initialization vector (constant string) was used while encrypting
>>> the data. This opened the encrypted stream/data to plaintext attacks among
>>> others. Bug fixed #1185343."
>>> http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html
>>> https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343
>>>
>>> Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian?
>>
>> Just a short note that a CVE was assigned now for this issue:
>> CVE-2013-6394.
>
> I'm actively working on packaging 2.1.6 and should have packages
> today/tomorrow.

I've uploaded source packages (and amd64 binaries built with sbuild
locally) up to:
https://flamingspork.com/junk/percona-xtrabackup-2.1.6-debian/

I'd appreciate any review/sponsor for getting them in.

--
Stewart Smith