CVE-2015-4082

NameCVE-2015-4082
Descriptionattic before 0.15 does not confirm unencrypted backups with the user, which allows remote attackers with read and write privileges for the encrypted repository to obtain potentially sensitive information by changing the manifest type byte of the repository to "unencrypted / without key file".
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs787435

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
atticsource(unstable)0.16-1787435

Notes

[jessie] - attic <no-dsa> (Minor issue)
https://github.com/jborg/attic/issues/271
https://github.com/jborg/attic/commit/78f9ad1faba7193ca7f0acccbc13b1ff6ebf9072
https://www.openwall.com/lists/oss-security/2015/05/25/3
Search for package or bug name: Reporting problems