CVE-2013-6394 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6394): Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext attacks.
2.1.6 has been added to the tree. Is 2.0.x affected?
It isn't specifically mentioned in any of the advisories, only 2.1 and 2.2. That said, probably safer to clean the older version unless there's a specific need for the 2.0 version.
I'd like to keep it somewhat longer. 2.0.x is for MySQL 5.4 and 5.5. 2.1.x for 5.5 and 5.6.
(In reply to Christian Ruppert (idl0r) from comment #3) > I'd like to keep it somewhat longer. 2.0.x is for MySQL 5.4 and 5.5. 2.1.x > for 5.5 and 5.6. Can we clean up 2.0.x or do you still need it for older MySQL?
(In reply to Yury German from comment #4) > (In reply to Christian Ruppert (idl0r) from comment #3) > > I'd like to keep it somewhat longer. 2.0.x is for MySQL 5.4 and 5.5. 2.1.x > > for 5.5 and 5.6. > > Can we clean up 2.0.x or do you still need it for older MySQL? It's needed for older MySQL. 2.0.x is AFAIK not affected.
Thank you for verifications since 2.0.8 is not affecting. Closing - noglsa needed since no stable version.