Candidate: CVE-2016-10100
PublicDate: 2017-01-02 21:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10100
 http://borgbackup.readthedocs.io/en/stable/changes.html#pre-1-0-9-manifest-spoofing-vulnerability
Description:
 Borg (aka BorgBackup) before 1.0.9 has a flaw in the way duplicate archive
 names were processed during manifest recovery, potentially allowing an
 attacker to overwrite an archive.
Ubuntu-Description:
Notes:
Bugs:
Priority: low
Discovered-by: Marian Beermann
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N [5.3 MEDIUM]

Patches_borgbackup:
upstream_borgbackup: needs-triage
precise_borgbackup: DNE
precise/esm_borgbackup: DNE
trusty_borgbackup: DNE
trusty/esm_borgbackup: DNE
vivid/stable-phone-overlay_borgbackup: DNE
vivid/ubuntu-core_borgbackup: DNE
xenial_borgbackup: not-affected (1.0.9-1)
yakkety_borgbackup: ignored (reached end-of-life)
zesty_borgbackup: ignored (reached end-of-life)
artful_borgbackup: ignored (reached end-of-life)
bionic_borgbackup: not-affected (1.0.9-1)
cosmic_borgbackup: not-affected (1.0.9-1)
devel_borgbackup: not-affected (1.0.9-1)