A bug exposed the checksum of annexed files to encrypted special remotes, which are not supposed to have access to the checksum of the un-encrypted file. This only occurred when resuming uploads to the encrypted special remote, so it is considered a low-severity security hole.

For details, see [[!commit b890f3a53d936b5e40aa9acc5876cb98f18b9657]]

No CVE was assigned for this issue.

Fixed in git-annex 6.20160419

[[!meta Error: Can't locate Date/Parse.pm in @INC (you may need to install the Date::Parse module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 /usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 /usr/share/perl/5.36 /usr/local/lib/site_perl) at (eval 20878) line 1. BEGIN failed--compilation aborted at (eval 20878) line 1. ]]