Register | Log in

backintime

Choose email to subscribe with

general

source: backintime (main)
version: 1.1.24-0.1
maintainer: Jonathan Wiltshire [DMD]
arch: all
std-ver: 4.1.5
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

oldstable: 1.0.36-1+deb8u1
stable: 1.1.12-2
testing: 1.1.24-0.1
unstable: 1.1.24-0.1

versioned links

1.0.36-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.12-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
1.1.24-0.1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

backintime-common (2 bugs: 0, 2, 0, 0)
backintime-gnome (5 bugs: 0, 5, 0, 0)
backintime-kde
backintime-qt4 (2 bugs: 0, 2, 0, 0)

action needed

A new upstream version is available: 1.2.0 high

A new upstream version 1.2.0 is available, you should consider packaging it.

Created: 2019-04-29 Last update: 2019-06-26 17:07

lintian reports 1 warning high

Lintian reports 1 warning about this package. You should make the package lintian clean getting rid of them.

Created: 2015-03-02 Last update: 2018-09-01 08:00

1 ignored security issue in stretch low

There is 1 open security issue in stretch.

1 issue skipped by the security teams:

CVE-2017-16667: backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.

Please fix it.

Created: 2017-11-09 Last update: 2018-07-28 08:09

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2017-16667: backintime (aka Back in Time) before 1.1.24 did improper escaping/quoting of file paths used as arguments to the 'notify-send' command, leading to some parts of file paths being executed as shell commands within an os.system call in qt4/plugins/notifyplugin.py. This could allow an attacker to craft an unreadable file with a specific name to run arbitrary shell commands.
CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Please fix them.

Created: 2017-04-07 Last update: 2018-07-28 08:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.3.0 instead of 4.1.5).

Created: 2018-08-20 Last update: 2018-12-23 17:15

news

[2018-07-28] backintime 1.1.24-0.1 MIGRATED to testing (Debian testing watch)
[2018-07-28] backintime 1.1.24-0.1 MIGRATED to testing (Debian testing watch)
[2018-07-22] Accepted backintime 1.1.24-0.1 (source all) into unstable (Fabian Wolff) (signed by: Sergio Durigan Junior)
[2017-12-09] backintime REMOVED from testing (Debian testing watch)
[2017-04-28] backintime 1.1.12-2 MIGRATED to testing (Debian testing watch)
[2017-04-22] Accepted backintime 1.1.12-2 (source all) into unstable (Jonathan Wiltshire)
[2016-08-13] Accepted backintime 1.0.36-1+deb8u1 (source all) into proposed-updates->stable-new, proposed-updates (Jonathan Wiltshire)
[2016-02-13] backintime 1.1.12-1 MIGRATED to testing (Debian testing watch)
[2016-02-07] Accepted backintime 1.1.12-1 (source all) into unstable (Jonathan Wiltshire)
[2015-08-26] Accepted backintime 1.1.6-1 (source all) into unstable, unstable (Jonathan Wiltshire)
[2015-07-06] backintime REMOVED from testing (Britney)
[2014-11-04] backintime 1.0.36-1 MIGRATED to testing (Britney)
[2014-10-28] Accepted backintime 1.0.36-1 (source all) into unstable (Jonathan Wiltshire)
[2014-01-13] backintime 1.0.34-0.1 MIGRATED to testing (Debian testing watch)
[2014-01-07] Accepted backintime 1.0.34-0.1 (source all) (Julian Gilbey)
[2013-12-15] backintime REMOVED from testing (Debian testing watch)
[2012-05-31] backintime 1.0.10-1 MIGRATED to testing (Debian testing watch)
[2012-05-20] Accepted backintime 1.0.10-1 (source all) (Jonathan Wiltshire)
[2011-07-16] backintime 1.0.8-1 MIGRATED to testing (Debian testing watch)
[2011-07-05] Accepted backintime 1.0.8-1 (source all) (Jonathan Wiltshire)
[2011-02-06] backintime 1.0.6-1 MIGRATED to testing (Debian testing watch)
[2011-01-03] Accepted backintime 1.0.6-1 (source all) (Jonathan Wiltshire)
[2010-12-03] Accepted backintime 1.0.4-1 (source all) (Jonathan Wiltshire)
[2010-07-23] backintime 0.9.26-4 MIGRATED to testing (Debian testing watch)
[2010-07-12] Accepted backintime 0.9.26-4 (source all) (Jonathan Wiltshire)
[2009-09-10] backintime 0.9.26-3 MIGRATED to testing (Debian testing watch)
[2009-09-07] Accepted backintime 0.9.26-3 (source all) (Jonathan Wiltshire)
[2009-08-30] backintime 0.9.26-2 MIGRATED to testing (Debian testing watch)
[2009-08-24] Accepted backintime 0.9.26-2 (source all) (Jonathan Wiltshire)
[2009-05-30] backintime 0.9.26-1 MIGRATED to testing (Debian testing watch)

1
2

bugs [bug history graph]

all: 11
RC: 0
I&N: 10
M&W: 1
F&P: 0
patch: 0

links

homepage
buildd: logs, clang, reproducibility
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 1.1.24-0.1
12 bugs

Debian Package Tracker — Copyright 2013-2018 The Distro Tracker Developers

Report problems to the tracker.debian.org pseudo-package in the Debian BTS.

Documentation — Bugs — Git Repository — Contributing