From the Debian bugreport: When asking backintime to remove an old backup, it first change mode of all file of the backup to 777, allowing potentially every local user to read and modify those before they are deleted (and this could take some time). Worst still, if a file is shared between several backup, as the file's mode are also shared, it stay world readable and writable in those other backup.
Created attachment 207083 [details, diff] backintime-0.9.26_snapshots.patch Patch taken from Fedora's backintime-0.9.26_snapshots.patch.
patch applied in backintime-0.9.26-r1.ebuild - old version removed. thanks for the sec check.
Thanks, closing.
CVE-2009-3611 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3611): common/snapshots.py in Back In Time (aka backintime) 0.9.26 changes certain permissions to 0777 before deleting the files in an old backup snapshot, which allows local users to obtain sensitive information by reading these files, or interfere with backup integrity by modifying files that are shared across snapshots.
