[pkg-bacula-devel] Update tracker for CVE-2007-5626
Carsten Leonhardt
leo at debian.org
Wed Jun 1 09:47:01 UTC 2016
Hi,
CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the
tracker.
Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use
of which is not prone to the security issues that "make_catalog_backup"
had.
See excerpts from Upstream changelog:
> Release Version 5.0.0
> 20Jan10
> - Use make_catalog_backup.pl by default
> 06Jan10
> - Add make_catalog_backup.pl script that uses env variables and disk file to
> pass database password for backup
Additionally, there always have been warnings about the usage of
make_catalog_backup, as can be seen in the corresponding bug, especially
the last two messages:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54
Could you fix the tracker to display this as "fixed"?
Thanks,
Carsten
More information about the pkg-bacula-devel
mailing list