Your message dated Tue, 14 Feb 2017 22:34:14 +0000
with message-id <e1cdlfq-000hdh...@fasolo.debian.org>
and subject line Bug#853916: fixed in encfs 1.9.1-4
has caused the Debian Bug report #853916,
regarding encfs '-S' vulnerability
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
853916: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853916
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: encfs
Version: 1.9.1-3
Severity: serious
thanks


Recently, a change in Encfs was found to have broken cryptkeeper, causing it
to use the password 'p' for all operations, regardless of user input (#852751)[3].
The bug was closed by removing cryptkeeper from Debian.

The issue, however, remains. Sirikali, which manages multiple userspace
filesystems including Encfs, suffers from the same failure (#853874).
An upstream Encfs representative has indicated that the problem will be fixed
there [1], though no change has been pushed to date [2].

The overall issue should be RC critical for Stretch. I've marked this as 'serious',
indicating that the problem will be fixed in Encfs for the Stretch release. If this
is not the case, close or demote, and I'll elevate in Sirikali.

[1] https://github.com/tomm/cryptkeeper/issues/23#issuecomment-276304206
[2] https://github.com/vgough/encfs
[3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751

-- 
AE0D BF5A 92A5 ADE4 9481  BA6F 8A31 71EF 3661 50CE

Attachment: signature.asc
Description: GooPG digital signature


--- End Message ---
--- Begin Message ---
Source: encfs
Source-Version: 1.9.1-4

We believe that the bug you reported is fixed in the latest version of
encfs, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 853...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Eduard Bloch <bl...@debian.org> (supplier of updated encfs package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 14 Feb 2017 23:03:28 +0100
Source: encfs
Binary: encfs
Architecture: source amd64
Version: 1.9.1-4
Distribution: unstable
Urgency: high
Maintainer: Eduard Bloch <bl...@debian.org>
Changed-By: Eduard Bloch <bl...@debian.org>
Description:
 encfs      - encrypted virtual filesystem
Closes: 853916
Changes:
 encfs (1.9.1-4) unstable; urgency=high
 .
   * Cherry-picked from upstream:
     + Replaced zero_pwd_segfault patch with another fix from upstream branch
       which forces a clean exit instead of a behavior that confused some encfs
       frontends (closes: #853916)
       (source: 5994b28542e7f551b71ac471ff9aacf6dcd5a3b0 / Jakob Unterwurzacher)
     + improve_example: safer command execution example with quotes ("$*")
       (source: ecc364df0d7269c65d2858039aaeaf27ea0e4da6 / Charles Duffy)

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----

--- End Message ---
