DescriptionStoreBackup before 1.19 does not properly set the uid and guid for symbolic links (1) that are backed up by, or (2) recovered by, which could cause files to be restored with incorrect ownership.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs332434

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
storebackup (PTS)buster3.2.1-2~deb10u1fixed
bookworm, sid, bullseye3.2.1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs

Search for package or bug name: Reporting problems