oss-sec mailing list archives
CVE request for attic : encrypted backups attack
From: Raphaël Rigo <ml-oss () syscall eu>
Date: Mon, 25 May 2015 22:10:22 +0200
Hello, attic is a deduplicating backup program written in Python. It features encrypted remote backups. Unfortunately : https://github.com/jborg/attic/issues/271 allow an attacker able to modify a remote encrypted directory to cause the client to send unencrypted data on the next backup run. It was fixed in this commit : https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072 Could a CVE be assigned ? Regards, Raphaël PS: I am not an attic dev, just a user.
Current thread:
- CVE request for attic : encrypted backups attack Raphaël Rigo (May 25)
- Re: CVE request for attic : encrypted backups attack cve-assign (May 31)