Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 25 May 2015 22:10:22 +0200
From: Raphaël Rigo <>
Subject: CVE request for attic : encrypted backups attack


attic is a deduplicating backup program written in Python.
It features encrypted remote backups.

Unfortunately :
allow an attacker able to modify a remote encrypted directory to cause the
client to send unencrypted data on the next backup run.

It was fixed in this commit :

Could a CVE be assigned ?

PS: I am not an attic dev, just a user.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ