Date: Mon, 25 May 2015 22:10:22 +0200
From: Raphaël Rigo <ml-oss@...call.eu>
To: oss-security@...ts.openwall.com
Subject: CVE request for attic : encrypted backups attack

Hello,

attic is a deduplicating backup program written in Python.
It features encrypted remote backups.

Unfortunately:
https://github.com/jborg/attic/issues/271
allows an attacker able to modify a remote encrypted directory to cause the
client to send unencrypted data on the next backup run.

It was fixed in this commit:
https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072

Could a CVE be assigned?

Regards,
Raphaël
PS: I am not an attic dev, just a user.
