[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Wheezy update of rsync?

On Sun 29 Oct 2017, Thorsten Alteholz wrote:
> The Debian LTS team would like to fix the security issue which is
> currently open in the Wheezy version of rsync:
> https://security-tracker.debian.org/tracker/source-package/rsync
> Would you like to take care of this yourself?

I have taken a quick look, but the patches listed there have no chance
of being applied to the wheezy 3.0.9 version of rsync. Only the second
is applicable with a minor change.
The handling of the checksums apparently is changed considerably.

I don't know the exact details of this CVE yet (I haven't had time to
research this) but I'm afraid it may take me some time to get this to
apply to 3.0.9.

I think that it would be best if someone else has a crack at this.
I may have another look tomorrow but I can't promise anything.


Attachment: signature.asc
Description: PGP signature

Reply to: