Re: Update tracker for CVE-2007-5626

To: Carsten Leonhardt <leo@debian.org>
Cc: debian-security-tracker@lists.debian.org, pkg-bacula-devel@lists.alioth.debian.org
Subject: Re: Update tracker for CVE-2007-5626
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Wed, 1 Jun 2016 12:21:00 +0200
Message-id: <[🔎] 20160601102100.GA14404@pisco.westfalen.local>
In-reply-to: <[🔎] 87oa7lckbu.fsf@arioch.leonhardt.eu>
References: <[🔎] 87oa7lckbu.fsf@arioch.leonhardt.eu>

On Wed, Jun 01, 2016 at 11:47:01AM +0200, Carsten Leonhardt wrote:
> Hi,
> 
> CVE-2007-5626 is rather ancient but still displayed as "unfixed" in the
> tracker.
> 
> Since bacula 5.0.0 "make_catalog_backup.pl" is used by default, the use
> of which is not prone to the security issues that "make_catalog_backup"
> had.
> 
> See excerpts from Upstream changelog:
> 
> > Release Version 5.0.0
> > 20Jan10
> > - Use make_catalog_backup.pl by default
> > 06Jan10
> > - Add make_catalog_backup.pl script that uses env variables and disk file to 
> >   pass database password for backup
> 
> Additionally, there always have been warnings about the usage of
> make_catalog_backup, as can be seen in the corresponding bug, especially
> the last two messages:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=446809#54
> 
> Could you fix the tracker to display this as "fixed"?

Thanks, I've updated the tracker.

Cheers,
        Moritz

Reply to:

References:
- Update tracker for CVE-2007-5626
  - From: Carsten Leonhardt <leo@debian.org>

Prev by Date: Update tracker for CVE-2007-5626
Next by Date: External check
Previous by thread: Update tracker for CVE-2007-5626
Next by thread: Missing bug references for embedded-code-copies data
Index(es):
- Date
- Thread