oss-sec mailing list archives

CVE request for attic : encrypted backups attack


From: Raphaël Rigo <ml-oss () syscall eu>
Date: Mon, 25 May 2015 22:10:22 +0200

Hello,

attic is a deduplicating backup program written in Python.
It features encrypted remote backups.

Unfortunately:
https://github.com/jborg/attic/issues/271
allows an attacker able to modify a remote encrypted directory to cause the
client to send unencrypted data on the next backup run.

It was fixed in this commit:
https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072

Could a CVE be assigned?

Regards,
Raphaël
PS: I am not an attic dev, just a user.

