-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Tue, 19 Aug 2014 20:44:17 -0700
Source: s3ql
Binary: s3ql s3ql-dbg
Architecture: source amd64
Version: 1.11.1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Python Apps Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Nikolaus Rath <Nikolaus@rath.org>
Description:
 s3ql       - Full-featured file system for online data storage
 s3ql-dbg   - Full-featured file system for online data storage (debugging symb
Changes:
 s3ql (1.11.1-3+deb7u1) wheezy-security; urgency=high
 .
   * SECURITY UPDATE for CVE-2014-0485 remote code execution vulnerability.
 .
     For non-encrypted file systems, an attacker with control over the
     communication with the storage backend or the ability to manipulate
     the data stored in the backend was able to trigger execution of
     arbitrary code by mount.s3ql, fsck.s3ql, mkfs.s3ql and s3qladm.
 .
     Encrypted file systems were protected against this if the attacker
     did not know the file system passphrase. Mounting an encrypted file
     system prepared by an attacker (which is possible if the attacker
     shares the file system passphrase) thus allowed the attacker to
     execute arbitrary code even when using encryption.