-
rsync (3.1.2-1ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: bypass intended access restrictions
- debian/patches/CVE-2017-17433.patch: check fname in
recv_files sooner in receiver.c.
- CVE-2017-17433
* SECURITY UPDATE: not check for fnamecmp filenames and
does not apply sanitize_paths
- debian/patches/CVE-2017-17434-part1.patch: check daemon
filter against fnamecmp in receiver.c.
- debian/patches/CVE-2017-17434-part2.patch: sanitize xname
in rsync.c.
- CVE-2017-17434
-- <email address hidden> (Leonidas S. Barbosa) Wed, 06 Dec 2017 10:57:38 -0300
-
rsync (3.1.2-1) unstable; urgency=medium
* new upstream release
* Bumped Standards-Version to 3.9.8 (no change necessary).
* added deb-systemd-helper stuff to maintainer scripts to properly support
systemd.
closes:#764616
* Modified the /etc/default/rsync and /usr/share/doc/rsync/README.Debian
to document how to configure the rsync daemon behaviour when using systemd.
closes:#786549
* included copy-devices.diff patch from
https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
enable the --copy-devices option to copy the data inside a device instead
of copying the node.
closes:#509335
* included time-limit.diff patch from
https://rsync.samba.org/ftp/rsync/src/rsync-patches-3.1.2.tar.gz to
enable the -stop-at and --time-limit patches to stop rsync at a certain
time or after a certain duration.
closes:#701812
* Add description of value for --compress-level to manpage.
closes:#700697
* Don't use hard-coded path to invoke-rc.d for check in prerm script.
-- Paul Slootman <email address hidden> Fri, 07 Oct 2016 15:48:23 +0200
-
rsync (3.1.1-3ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for rsync path spoofing attack
- debian/patches/CVE-2014-9512-2.diff: add parent-dir validation for
--no-inc-recurse too in flist.c, generator.c.
- CVE-2014-9512
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2016 14:58:35 -0500
