[Borgbackup] borgbackup 1.2.6 released, including a security fix!
Felix Schwarz
felix.schwarz at oss.schwarz.eu
Fri Sep 8 03:03:03 EDT 2023
Hi Thomas,
thank you for all your work on borgbackup, including handling this bug.
I updated Fedora and EPEL 9 to provide borgbackup 1.2.6.
My question is related to borg 1.1.x which we ship for EPEL 7 and EPEL 8. From
reading the CVE I think these versions are vulnerable as well, right?
Do you plan on backporting the patch or are you aware if someone else does that?
In general I am not too concerned about this security issue (as it requires
repo-level write access) but if there is an easy way I would for sure add a patch.
Best,
Felix
More information about the Borgbackup
mailing list