[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 2453-1] restic security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-2453-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                            Brian May
November 17, 2020                             https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : restic
Version        : 0.3.3-1+deb9u1
CVE ID         : CVE-2020-9283

golang-go.crypto was recently updated with a fix for CVE-2020-9283. This in
turn requires all packages that use the affected code to be recompiled in order
to pick up the security fix.

CVE-2020-9283

    SSH signature verification could cause Panic when given
    invalid Public key.

For Debian 9 stretch, this problem has been fixed in version
0.3.3-1+deb9u1.

We recommend that you upgrade your restic packages.

For the detailed security status of restic please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/restic

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEKpwfR8DOwu5vyB4TKpJZkldkSvoFAl+y89sACgkQKpJZkldk
Svo/mQ//byuAryq/R2DPP8Jps6jsNp61xH7gDU4+5MUofps/OgoD0POzOlHyVtOr
4DyNx2ihe7dWqQt4zoZoBFx3BJP37oKjA73uP3zlucvwxMvWduI2b2PuR0rbiFrY
WDAe/2g13qBzKCxrBIKTerfeIdiqVk3rfiDxCeQ4oBmeNi3AFYJZoBb8CCJDqIez
3Nl7ETqJzby5me+M4jD5pY/7bYHpqGFF+AmOyJt4jonHfNxi20k5WumdOlyUq8BN
SOGu4qg+h5gruKhyYISDQnS3FjTJwWEBaJwWEgwPkdmnqTdc6gyf6M1Zsr6vLeu9
5Sq3JstomgnN6fNwZhAzJR34vvEEbanwbn92lQJMkuP5+LOaSD3qVvoVcXIEYPeo
NjQzzgbvfcMwPqamgAENbftu9ovxyMO3FxqXY9uchASHhj8aoZZaP2ztK9u9WE7f
A6pRfOreu8hTSW8A3Ypwf0RBij8NDrNE645ZSES54TrIAu/bliHZrHO7vTMYqLR2
oVcdAJn3UFYBxG4xJkd8Sl40sS5eALGoa4hQKisYepVV3WC6hptV5lTBoUvVHLHx
D7fh1cyDvgdd7sLnT17SvfKZriReqb6rQdOHmbVTIELoAF3KS16RySIxs7HjNmT1
a5Uf5oaRlyNzLZZbVnEvnRpKUazmCIMeH01cNdgiZ1RM+XOFbX8=
=NL89
-----END PGP SIGNATURE-----


Reply to: