Debian Security Advisory
DSA-3013-1 s3ql -- security update
- Date Reported:
- 27 Aug 2014
- Affected Packages:
- s3ql
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2014-0485.
- More information:
-
Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.
For the stable distribution (wheezy), this problem has been fixed in version 1.11.1-3+deb7u1.
We recommend that you upgrade your s3ql packages.