On Sun 29 Oct 2017, Thorsten Alteholz wrote: > > The Debian LTS team would like to fix the security issue which is > currently open in the Wheezy version of rsync: > https://security-tracker.debian.org/tracker/source-package/rsync > > Would you like to take care of this yourself? I have taken a quick look, but the patches listed there have no chance of being applied to the wheezy 3.0.9 version of rsync. Only the second one https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55 is applicable with a minor change. The handling of the checksums apparently is changed considerably. I don't know the exact details of this CVE yet (I haven't had time to research this) but I'm afraid it may take me some time to get this to apply to 3.0.9. I think that it would be best if someone else has a crack at this. I may have another look tomorrow but I can't promise anything. Thanks, Paul
Attachment:
signature.asc
Description: PGP signature