Debian Security Advisory

DSA-3013-1 s3ql -- security update

Date Reported:
27 Aug 2014
Affected Packages:
s3ql
Vulnerable:
Yes
Security database references:
In Mitre's CVE dictionary: CVE-2014-0485.
More information:

Nikolaus Rath discovered that s3ql, a file system for online data storage, used the pickle functionality of the Python programming language in an unsafe way. As a result, a malicious storage backend or man-in-the-middle attacker was able execute arbitrary code.

For the stable distribution (wheezy), this problem has been fixed in version 1.11.1-3+deb7u1.

We recommend that you upgrade your s3ql packages.