CVE-2013-7469

NameCVE-2013-7469
DescriptionSeafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs923009

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
seafile (PTS)buster6.2.11-1vulnerable
bullseye7.0.10-1fixed
bookworm8.0.10-1fixed
trixie9.0.4-1fixed
sid9.0.4-1.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
seafilesource(unstable)7.0.2-1923009

Notes

[buster] - seafile <ignored> (Minor issue)
https://github.com/haiwen/seafile/issues/350

Search for package or bug name: Reporting problems