Current versions of borgbackup contain a security flaw which is fixed in 1.0.7. Currently this is a binary only release (https://github.com/borgbackup/borg/releases/tag/1.0.7bin) to give borg admins a bit of a head start but the full source release is supposed to be released later today. This ticket is meant as a heads up so we can get the fix into Fedora as soon as possible.
borgbackup 1.0.7 is now available: https://pypi.python.org/pypi/borgbackup/1.0.7 More details about the security issue can be found in the changelog: https://borgbackup.readthedocs.io/en/stable/changes.html#version-1-0-7-2016-08-19
borgbackup-1.0.7-1.el7 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f0e09b5124
borgbackup-1.0.7-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2016-20014bf2bd
borgbackup-1.0.7-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2016-4820585b11
borgbackup-1.0.7-1.fc23 has been submitted as an update to Fedora 23. https://bodhi.fedoraproject.org/updates/FEDORA-2016-f734302c3f
borgbackup-1.0.7-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-4820585b11
borgbackup-1.0.7-1.el7 has been pushed to the Fedora EPEL 7 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2016-f0e09b5124
borgbackup-1.0.7-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-20014bf2bd
borgbackup-1.0.7-1.fc23 has been pushed to the Fedora 23 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2016-f734302c3f
borgbackup-1.0.7-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.
borgbackup-1.0.7-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
borgbackup-1.0.7-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
borgbackup-1.0.7-1.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.