git-annex/doc/security/CVE-2014-6274.mdwn

11 lines
391 B
Text
Raw Normal View History

CVE-2014-6274: Security fix for S3 and glacier when using embedcreds=yes with
encryption=pubkey or encryption=hybrid.
The creds embedded in the git repo were *not* encrypted.
git-annex enableremote will warn when used on a remote that has
this problem. For details, see [[upgrades/insecure_embedded_creds]].
Fixed in git-annex 5.20140919.
[[!meta date="Fri, 19 Sep 2014 12:53:42 -0400"]]