Update tracker for CVE-2007-5626

To: debian-security-tracker@lists.debian.org
Cc: pkg-bacula-devel@lists.alioth.debian.org
Subject: Update tracker for CVE-2007-5626
From: Carsten Leonhardt <leo@debian.org>
Date: Wed, 01 Jun 2016 11:47:01 +0200
Message-id: <[🔎] 87oa7lckbu.fsf@arioch.leonhardt.eu>

Hi,

CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the
tracker.

Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use
of which is not prone to the security issues that "make_catalog_backup"
had.

See excerpts from Upstream changelog:

> Release Version 5.0.0
> 20Jan10
> - Use make_catalog_backup.pl by default
> 06Jan10
> - Add make_catalog_backup.pl script that uses env variables and disk file to 
>   pass database password for backup

Additionally, there always have been warnings about the usage of
make_catalog_backup, as can be seen in the corresponding bug, especially
the last two messages:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54

Could you fix the tracker to display this as "fixed"?

Thanks,

Carsten

Reply to:

Follow-Ups:
- Re: Update tracker for CVE-2007-5626
  - From: Moritz Mühlenhoff <jmm@inutil.org>

Prev by Date: External check
Next by Date: Re: Update tracker for CVE-2007-5626
Previous by thread: External check
Next by thread: Re: Update tracker for CVE-2007-5626
Index(es):
- Date
- Thread