Control: retitle -1 percona-xtrabackup: CVE-2013-6394: static IV used in Percona XtraBackup
Hi, On Tue, Nov 26, 2013 at 12:24:34PM +0100, Thijs Kinkhorst wrote: > Package: percona-xtrabackup > Severity: serious > Tags: security fixed-upstream > > Hi, > > Upstream discovered and fixed use of a static IV in encrypting backups: > "A fixed initialization vector (constant string) was used while encrypting > the data. This opened the encrypted stream/data to plaintext attacks among > others. Bug fixed #1185343." > http://www.percona.com/doc/percona-xtrabackup/2.1/release-notes/2.1/2.1.6.html > https://bugs.launchpad.net/percona-xtrabackup/+bug/1185343 > > Fixed in upstream 2.1.6. Can you please ensure that this gets into Debian? Jus a short note that a CVE was asigned now for this issue: CVE-2013-6394. Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
