-
rsync (3.0.9-1ubuntu1.3) precise-security; urgency=medium
* SECURITY UPDATE: receive_xattr function does not check
for '\0' character allowing denial of service attacks
- debian/patches/CVE-2017-16548.patch: enforce trailing
\0 when receiving xattr values in xattrs.c.
- CVE-2017-16548
* SECURITY UPDATE: Allows remote attacker to bypass argument
- debian/patches/CVE-2018-5764.patch: Ignore --protect-args
when already sent by client in options.c.
- CVE-2018-5764
-- <email address hidden> (Leonidas S. Barbosa) Thu, 18 Jan 2018 16:43:26 -0300
-
rsync (3.0.9-1ubuntu1.1) precise-security; urgency=medium
* SECURITY UPDATE: rsync path spoofing attack
- debian/patches/CVE-2014-9512-0.patch: reject invalid filenames in
filelist in flist.c, rsync.h, util.c.
- debian/patches/CVE-2014-9512-1.patch: complain if an inc-recursive
path is not right for its dir in flist.c, io.c, main.c, rsync.c.
- debian/patches/CVE-2014-9512-2.patch: add parent-dir validation for
--no-inc-recurse too in flist.c, generator.c.
- CVE-2014-9512
-- Marc Deslauriers <email address hidden> Wed, 20 Jan 2016 08:00:00 -0500
-
rsync (3.0.9-1ubuntu1) precise; urgency=low
* Mark rsync Multi-Arch: foreign.
-- Steve Langasek <email address hidden> Tue, 08 Nov 2011 10:56:28 -0800
-
rsync (3.0.9-1) unstable; urgency=low
* new upstream release.
* Bumped Standards-Version to 3.9.2.0 (no change necessary).
* manpage no longer shows erroneous default for --delete-before.
(upstream fix)
closes:#640869,#587567
* manpage now mentions that --files-from sorts the filenames.
(upstream fix)
closes:#536755
* init.d script checks nice value correctly now.
closes:#586707
* fixed typo in comment in sample script rrsync.
closes:#635603
* Updated package description and included homepage line.
closes:#614098
* Correct error message when using --delete-delay when dying in certain cases.
See also #587567
closes:#586551
* included rsync.service file for systemd, supplied by Michael Stapelberg.
closes:#639632
* conflict with duplicity < 0.6.11 as that tries to use rsync:// in
combination with ::module syntax, which is not allowed (but used to be
accepted in older rsync versions).
closes:#605731
rsync (3.0.9~pre2-2) experimental; urgency=low
* updated lintian override. This is a modified version optimized for the
rsync protocol. I.e. the standard zlib version will not work as well.
* included rsync.service file supplied by Michael Stapelberg,
see bug#639632
rsync (3.0.9~pre2-1) experimental; urgency=low
* new upstream prerelease.
-- Jamie Strandboge <email address hidden> Mon, 07 Nov 2011 17:02:34 +0000
-
rsync (3.0.8-1ubuntu1) oneiric; urgency=low
* Merge from debian unstable. Remaining changes:
- debian/patches/delete-delay.diff: correct error message when using
--delete-delay (LP: #516241), patch originally from Jonas Pedersen
* Drop debian/patches/security-CVE-2011-1097.diff which is now included
upstream
rsync (3.0.8-1) unstable; urgency=low
* new upstream release.
* Bumped Standards-Version to 3.9.1.0 (no change necessary).
-- Jamie Strandboge <email address hidden> Thu, 05 May 2011 15:07:18 -0500
