Date: Mon, 25 May 2015 22:10:22 +0200 From: Raphaël Rigo <ml-oss@...call.eu> To: oss-security@...ts.openwall.com Subject: CVE request for attic : encrypted backups attack Hello, attic is a deduplicating backup program written in Python. It features encrypted remote backups. Unfortunately : https://github.com/jborg/attic/issues/271 allow an attacker able to modify a remote encrypted directory to cause the client to send unencrypted data on the next backup run. It was fixed in this commit : https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072 Could a CVE be assigned ? Regards, Raphaël PS: I am not an attic dev, just a user.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ