CVE-2013-7469

NameCVE-2013-7469
DescriptionSeafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionary attacks.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs923009

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
seafile (PTS)buster6.2.11-1vulnerable
bullseye, sid7.0.2-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
seafilesource(unstable)(unfixed)923009

Notes

[buster] - seafile <ignored> (Minor issue)
https://github.com/haiwen/seafile/issues/350

Search for package or bug name: Reporting problems