[pkg-bacula-devel] Update tracker for CVE-2007-5626

Moritz Mühlenhoff jmm at inutil.org
Wed Jun 1 10:21:00 UTC 2016


On Wed, Jun 01, 2016 at 11:47:01AM +0200, Carsten Leonhardt wrote:
> Hi,
> 
> CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the
> tracker.
> 
> Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use
> of which is not prone to the security issues that "make_catalog_backup"
> had.
> 
> See excerpts from Upstream changelog:
> 
> > Release Version 5.0.0
> > 20Jan10
> > - Use make_catalog_backup.pl by default
> > 06Jan10
> > - Add make_catalog_backup.pl script that uses env variables and disk file to 
> >   pass database password for backup
> 
> Additionally, there always have been warnings about the usage of
> make_catalog_backup, as can be seen in the corresponding bug, especially
> the last two messages:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54
> 
> Could you fix the tracker to display this as "fixed"?

Thanks, I've updated the tracker.

Cheers,
        Moritz


