Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 510290 (CVE-2014-3462) - <sys-fs/encfs-1.7.5: multiple vulnerabilities (CVE-2014-3462)
Summary: <sys-fs/encfs-1.7.5: multiple vulnerabilities (CVE-2014-3462)
Status: RESOLVED FIXED
Alias: CVE-2014-3462
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B2 [glsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2014-05-14 07:55 UTC by Agostino Sarubbo
Modified: 2015-12-30 14:37 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2014-05-14 07:55:18 UTC 
From ${URL} :

A number of issues were found in the cryptography practices of EncFS. These are detailed in the following audit:

https://defuse.ca/audits/encfs.htm


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Anthony Basile gentoo-dev 2014-05-14 12:32:50 UTC 
Upstream encfs has not released since November 18, 2010.  Version 1.7.4 has been in the tree a while but is susceptible to the problems in the audit.
Comment 2 Felix Janda 2014-11-01 07:32:14 UTC 
There seems to be new development and a version 1.7.5 at https://vgough.github.io/encfs/ .
Comment 3 Anthony Basile gentoo-dev 2014-11-01 18:28:42 UTC 
The new version is in the tree.  Thanks Feix.  We should probably stabilize this as it is a security fix:

@amd64 and x86, please stabilize =sys-fs/encfs-1.7.5
Comment 4 Agostino Sarubbo gentoo-dev 2014-11-08 18:08:44 UTC 
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2014-11-08 18:10:09 UTC 
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 6 Kristian Fiskerstrand (RETIRED) gentoo-dev 2015-05-11 16:35:44 UTC 
New GLSA request filed
Comment 7 GLSAMaker/CVETool Bot gentoo-dev 2015-12-30 14:37:55 UTC 
This issue was resolved and addressed in
 GLSA 201512-09 at https://security.gentoo.org/glsa/201512-09
by GLSA coordinator Yury German (BlueKnight).