-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 12 Jan 2025 15:40:14 +0000
Source: rsync
Architecture: source
Version: 3.3.0+ds1-3
Distribution: unstable
Urgency: critical
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
rsync (3.3.0+ds1-3) unstable; urgency=critical
.
* Import upstream patches for CVE-2024-12084, CVE-2024-12085,
CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12084
~ 0001-Some-checksum-buffer-fixes.patch
~ 0002-Another-cast-when-multiplying-integers.patch
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12085
~ 0001-prevent-information-leak-off-the-stack.patch
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12086
~ 0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch
~ 0002-added-secure_relative_open.patch
~ 0003-receiver-use-secure_relative_open-for-basis-file.patch
~ 0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12087
~ 0001-Refuse-a-duplicate-dirlist.patch
~ 0002-range-check-dir_ndx-before-use.patch
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12088
~ 0001-make-safe-links-stricter.patch
- d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12747
~ 0001-fixed-symlink-race-condition-in-sender.patch
- d/p/rsync-upstream-CVE-patches-v3/version_update
~ 0001-raise-protocol-version-to-32.patch
~ 0002-change-version-to-3.4.0.patch
~ 0003-update-NEWS-for-3.4.0.patch
Checksums-Sha1:
648f635c7507cd0be66707159a915b9f0d9fe08f 2077 rsync_3.3.0+ds1-3.dsc
839a1ac7c4425d10032976b55e5c7811931d007d 985730 rsync_3.3.0+ds1.orig.tar.gz
c462aa23238d2d09f3a8f56e635514ab8f3f2c37 39272 rsync_3.3.0+ds1-3.debian.tar.xz
5bd7a1df817d889b4af0766a63704d554f267b9d 6809 rsync_3.3.0+ds1-3_amd64.buildinfo
Checksums-Sha256:
2f4178f929951b764450fc245330c6655a560017c101b8de455660085ce83e59 2077 rsync_3.3.0+ds1-3.dsc
8f528f7be28a1b46200b420be8e8cf9e47a61402b3105962ac2ad777ba56aaa2 985730 rsync_3.3.0+ds1.orig.tar.gz
cff608a34a78edfdffdd29fdc18daaa5de24efe14b5d6b3f3543a1752e25bd82 39272 rsync_3.3.0+ds1-3.debian.tar.xz
58986c85a08a0d8a0198332701bcf0f336cef49acf42213a0a3f58778e458a3a 6809 rsync_3.3.0+ds1-3_amd64.buildinfo
Files:
227888a4506ed2008f362f081ef0434a 2077 net optional rsync_3.3.0+ds1-3.dsc
3d12d9dad0804e62046db7a099627231 985730 net optional rsync_3.3.0+ds1.orig.tar.gz
1d267267fab469ceb9f25994014de737 39272 net optional rsync_3.3.0+ds1-3.debian.tar.xz
172e5bbf5ec6c70f1467a3d659e44964 6809 net optional rsync_3.3.0+ds1-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEv66eMxqGenyA2Ot49OSs27jQi+AFAmeFc6QACgkQ9OSs27jQ
i+AxvBAAsD0IDkw0HUCYSC0Lv05miDMCeBMQUeS1S9aS9N4eY+iIfT+P1OMddj2x
K7B81UgQmCbCRZqYCwjFHUJTkQXjX4wC7/SvxLERpm5pifKLYDxri+JW1qCI/na8
tqsTS98M3GOy8j3gLJkaQlZ6lq4x/qHSvellyHnmMSmR0TQUPBO9/MNmRpN1dMQ+
knuboTh2E6yB9qFjJNq4ENDj3s1CdoBClolUM3cyrjuK8gBsfU23J7AfcNP6Ehoo
iAJeczyONTtKUXhovR7bibPBjRg2YFZXYOE7HTT9lyzOB0M0d6PlR8S8kHWA6wzZ
Oeulux5RxuWCStmax5yaWqwb8Sinnouh00ACLxorG5amzTDrxRqy1OZHTiXO91ya
YZVMoOcKwwu3I8dEBffP+hIA7JnmZ/I0QG2n0OdCtCHqg5pZszV9H+nk/53iXO3i
iy+bdXAs52WZslC+afo8UZHAsCRHaKHyBrIpeLwbL9fHfkL7F3yu57qZcxgrCaNK
XwfhlOoFPXr3K82nvJuqu/an+4zM0rwsTLI1FtqBFVUVWi/zRFXLCi6B1RUqtvyZ
MWnTpht/Bd8xuwTH5s8gyXxVTlsRqYsvtCg64FS9gHZs6PsM8ETviHkas9s061bU
7TOalYcsPMJu7t9TNItfCvY8R3zvE1KktfP5vThK8Bwi53/2UeU=
=5zm2
-----END PGP SIGNATURE-----
Attachment:
pgppHxT7jvXzN.pgp
Description: PGP signature