Package "ecryptfs-utils"

  ecryptfs-utils (96-0ubuntu3.5) precise-security; urgency=medium

  * SECURITY UPDATE: Don't allow mount.ecryptfs_private to be used to mount on
    top of pseudo filesystem such as procfs
    - debian/patches/CVE-2016-1572.patch: Check the filesystem type of the
      mount destination against a whitelist of approved types.
    - CVE-2016-1572
  * debian/patches/CVE-2014-9687.patch: Update patch to return an error when a
    version 1 wrapped passphrase file could not be read.

 -- Tyler Hicks Fri, 15 Jan 2016 17:49:10 -0600

  ecryptfs-utils (96-0ubuntu3.4) precise-security; urgency=medium

  * SECURITY UPDATE: Mount passphrase wrapped with a default salt value
    - debian/patches/CVE-2014-9687.patch: Generate a random salt when wrapping
      the mount passphrase. If a user has a mount passphrase that was wrapped
      using the default salt, their mount passphrase will be rewrapped using a
      random salt when they log in with their password.
    - debian/patches/CVE-2014-9687.patch: Create a temporary file when
      creating a new wrapped-passphrase file and copy it to its final
      destination after the file has been fully synced to disk (LP: #1020902)
    - debian/rules: Set the executable bit on the wrap-unwrap.sh and
      v1-to-v2-wrapped-passphrase.sh test scripts that were created by
      wrapping-passphrase-salt.patch
    - CVE-2014-9687
 -- Tyler Hicks <email address hidden> Wed, 04 Mar 2015 16:38:14 -0600

  ecryptfs-utils (96-0ubuntu3.1) precise-proposed; urgency=low

  * Fix encrypted home/private race condition that could result in encrypted
    filenames not being decrypted, despite the directory being mounted
    correctly otherwise. (LP: #1052038)
    - debian/patches/fix-private-mount-race.patch: Fix race condition by only
      opening the signature file once, rather than opening, reading, and
      closing it for each key signature.
 -- Tyler Hicks <email address hidden> Tue, 04 Dec 2012 14:12:55 -0600