please sync encfs 1.7.2 from debian unstable - security vulnerabilities

Bug #657394 reported by David Sugar
This bug affects 2 people
Affects | Status | Importance | Assigned to | Milestone
EncFS | Fix Released | Unknown | |
encfs (Ubuntu) | Fix Released | Medium | Unassigned |
Maverick | Won't Fix | Undecided | Unassigned |

Bug Description

Binary package hint: encfs

As reported in Debian there are multiple security vulnerabilities in encfs (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=595998) resolved in 1.7.2. I have verified 1.7.2 rebuilds on Maverick straight from Sid, and we carry no Ubuntu patches at present.


Changed in encfs:
status: Unknown → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Thanks for taking the time to report this bug and helping to make Ubuntu better. Since the package referred to in this bug is in universe or multiverse, it is community maintained. If you are able, I suggest posting a debdiff for this issue. When a debdiff is available, members of the security team will review it and publish the package. See the following link for more information: https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures

visibility: private → public
Changed in encfs (Ubuntu):
status: New → Confirmed
importance: Undecided → Medium
Brian Murray (brian-murray) wrote :

I'm setting the Natty task to Fix Released as the requested package version is available in it.

     encfs | 1.3.2-1-1 | hardy/universe | source, amd64, i386
     encfs | 1.4.2-2 | jaunty/universe | source, amd64, i386
     encfs | 1.5.2-1ubuntu1 | karmic/universe | source, amd64, i386
     encfs | 1.5.2-2 | lucid/universe | source, amd64, i386
     encfs | 1.6.1-1 | maverick/universe | source, amd64, i386
     encfs | 1.7.2-1 | natty/universe | source, amd64, i386

Changed in encfs (Ubuntu):
status: Confirmed → Fix Released
Changed in encfs (Ubuntu Maverick):
status: New → Confirmed
Petri Lehtinen (petri) wrote :

Changed to point to the correct debian bug.

Changed in encfs:
status: Fix Released → Unknown
Changed in encfs:
status: Unknown → Fix Released
Valient Gough (vgough) wrote :

encfs 1.7.2 is not the most recent release and has one known bug which is fixed in the 1.7.4 release.

Petri Lehtinen (petri) wrote :

1.7.4 is already in natty.

To get the security issues fixed in Maverick or older Ubuntu versions, someone would need to backport the security patches to older encfs versions.

Jamie Strandboge (jdstrand) wrote :

Thank you for reporting this bug to Ubuntu. maverick has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against maverick is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

Changed in encfs (Ubuntu Maverick):
status: Confirmed → Won't Fix
This report contains Public Security information  
Everyone can see this security related information.
