FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

borgbackup -- remote users can override repository restrictions

Affected packages
1.1.0 <= py34-borgbackup < 1.1.3
1.1.0 <= py35-borgbackup < 1.1.3
1.1.0 <= py36-borgbackup < 1.1.3

Details

VuXML ID 0d369972-d4ba-11e7-bfca-005056925db4
Discovery 2017-11-27
Entry 2017-11-29

BorgBackup reports:

Incorrect implementation of access controls allows remote users to override repository restrictions in Borg servers. A user able to access a remote Borg SSH server is able to circumvent access controls post-authentication. Affected releases: 1.1.0, 1.1.1, 1.1.2. Releases 1.0.x are NOT affected.

[source]

References

CVE Name CVE-2017-15914
URL https://github.com/borgbackup/borg/blob/1.1.3/docs/changes.rst#version-113-2017-11-27

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.