On Wed, Jun 01, 2016 at 11:47:01AM +0200, Carsten Leonhardt wrote: > Hi, > > CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the > tracker. > > Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use > of which is not prone to the security issues that "make_catalog_backup" > had. > > See excerpts from Upstream changelog: > > > Release Version 5.0.0 > > 20Jan10 > > - Use make_catalog_backup.pl by default > > 06Jan10 > > - Add make_catalog_backup.pl script that uses env variables and disk file > > to > > pass database password for backup > > Additionally, there always have been warnings about the usage of > make_catalog_backup, as can be seen in the corresponding bug, especially > the last two messages: > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54 > > Could you fix the tracker to display this as "fixed"?
Thanks, I've updated the tracker. Cheers, Moritz