[Bug 1615380] Re: [SRU] security issues on borgbackup
This bug was fixed in the package borgbackup - 1.0.7-0ubuntu1.16.04.1 --- borgbackup (1.0.7-0ubuntu1.16.04.1) xenial; urgency=high * New upstream release, fixing security issues (LP: #1615380). -- Gianfranco Costamagna Fri, 19 Aug 2016 21:52:22 +0200 ** Changed in: borgbackup (Ubuntu Xenial) Status: Fix Committed => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1615380] Re: [SRU] security issues on borgbackup
** Information type changed from Public to Public Security -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1615380] Re: [SRU] security issues on borgbackup
so far so good! ** Tags removed: verification-needed ** Tags added: verification-done -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1615380] Re: [SRU] security issues on borgbackup
Hello LocutusOfBorg, or anyone else affected, Accepted borgbackup into xenial-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/borgbackup/1.0.7-0ubuntu1.16.04.1 in a few hours, and then in the -proposed repository. Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users. If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision. Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance! ** Changed in: borgbackup (Ubuntu Xenial) Status: New => Fix Committed ** Tags added: verification-needed -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1615380] Re: [SRU] security issues on borgbackup
** Summary changed: - security issues on borgbackup + [SRU] security issues on borgbackup ** Description changed: - as explained here, upstream is asking to SRU borgbackup because of the fixes below + [Impact] + + * There are some fixes in repo corruption before 1.0.7 + * There are some security issues before 1.0.7 + + [Test Case] + + * as explained here, upstream is asking to SRU borgbackup because of the fixes below https://github.com/borgbackup/borg/compare/28cbf2481564%5E...f32c8858ad3f https://github.com/borgbackup/borg/commit/dde18d6a7660837ce7b4f30d31960bdc74252570 + * use restrict-to-patch flag and see it not restricted + + # if --restrict-to-path P is given, we make sure that we only operate in/below path P. + # for the prefix check, it is important that the compared pathes both have trailing slashes, + # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option. + + [Regression Potential] + + * None, we have a testsuite to catch such issues. + + [Other Info] ** Description changed: [Impact] - * There are some fixes in repo corruption before 1.0.7 - * There are some security issues before 1.0.7 + * There are some fixes in repo corruption before 1.0.7 + * There are some security issues before 1.0.7 [Test Case] - * as explained here, upstream is asking to SRU borgbackup because of the fixes below + * as explained here, upstream is asking to SRU borgbackup because of the fixes below https://github.com/borgbackup/borg/compare/28cbf2481564%5E...f32c8858ad3f https://github.com/borgbackup/borg/commit/dde18d6a7660837ce7b4f30d31960bdc74252570 - * use restrict-to-patch flag and see it not restricted + * use restrict-to-patch flag and see it not restricted # if --restrict-to-path P is given, we make sure that we only operate in/below path P. # for the prefix check, it is important that the compared pathes both have trailing slashes, - # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option. + # so that a path /foobar will NOT be accepted with --restrict-to-path /foo option. [Regression Potential] - * None, we have a testsuite to catch such issues. - - [Other Info] + * None, we have a testsuite to catch such issues. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1615380 Title: [SRU] security issues on borgbackup To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/borgbackup/+bug/1615380/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs