Launchpad.net

CVE 2016-10099

Borg (aka BorgBackup) before 1.0.9 has a flaw in the cryptographic protocol used to authenticate the manifest (list of archives), potentially allowing an attacker to spoof the list of archives.

Related bugs and status

CVE-2016-10099 (Candidate) is related to these bugs:

Bug #1690846: [SRU] version in repository is outdated and has vulnerabilities

		In	Importance	Status
1690846	[SRU] version in repository is outdated and has vulnerabilities	borgbackup (Ubuntu)	Undecided	Fix Released
1690846	[SRU] version in repository is outdated and has vulnerabilities	borgbackup (Ubuntu Xenial)	Undecided	In Progress
1690846	[SRU] version in repository is outdated and has vulnerabilities	borgbackup (Ubuntu Yakkety)	Undecided	Won't Fix

Bug #1717666: borgbackup: multiple security issues

		In	Importance	Status
1717666	borgbackup: multiple security issues	borgbackup (Ubuntu)	Undecided	Fix Released
1717666	borgbackup: multiple security issues	borgbackup (Ubuntu Zesty)	Undecided	Fix Released
1717666	borgbackup: multiple security issues	borgbackup (Ubuntu Xenial)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://borgbackup.read...
BID: 95205