Hello mirror operators,

We released ftpsync 20171017 today. This is a security update; it fixes CVE-2017-8805.

rsync was called without --safe-links. This allowed the creation of symlinks to files outside of the mirrored tree. If the mirror also provides access via HTTP, the server will usually follow symlinks and allow access to arbitrary files or directories.

Other notable changes are:

* We added support for rsync-over-SSH,
* We tried to really add documentation that is not example configs. Several parts are still missing, but we are getting there.

You can find the new ftpsync version on a Debian mirror near you.

Regards,
Bastian

-- 
Suffocating together ... would create heroic camaraderie.
    -- Khan Noonian Singh, "Space Seed", stardate 3142.8
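
For operators whose tree was synced before this update, an audit for symlinks that already resolve outside the mirrored tree (an added example, not part of the announcement or of ftpsync itself). The function names, the `inside-ok`/`escape-*` link names and the sample tree are constructed for illustration, and GNU `readlink -f` is assumed.

```shell
#!/bin/sh
# Added example: list symlinks under a mirror root whose resolved target
# lies outside that root. Not ftpsync code; all names are hypothetical.

# find_escaping_symlinks ROOT
# Prints "LINK -> TARGET" for every symlink that leaves ROOT once resolved,
# and "LINK -> (unresolvable)" for links that cannot be canonicalised.
find_escaping_symlinks() {
    # Canonicalise the root so the prefix comparison below is reliable.
    root=$(cd "$1" && pwd -P) || return 2
    # -exec ... {} + passes names as arguments, so unusual file names are safe.
    find "$root" -type l -exec sh -c '
        root=$1; shift
        for link in "$@"; do
            # Follow the whole link chain to its final absolute path.
            target=$(readlink -f "$link" 2>/dev/null) || target=
            case "$target" in
                "")                printf "%s -> (unresolvable)\n" "$link" ;;
                "$root"|"$root"/*) ;;   # stays inside the mirrored tree
                *)                 printf "%s -> %s\n" "$link" "$target" ;;
            esac
        done
    ' sh "$root" {} +
}

# build_constructed_tree DIR
# Constructed sample input: a small mirror with one harmless link and two
# links (relative and absolute) that point at a file outside the tree.
build_constructed_tree() {
    mkdir -p "$1/mirror/pool" "$1/outside"
    echo data   > "$1/mirror/pool/pkg.deb"
    echo secret > "$1/outside/secret.txt"
    ln -s pool/pkg.deb            "$1/mirror/inside-ok"
    ln -s ../outside/secret.txt   "$1/mirror/escape-rel"
    ln -s "$1/outside/secret.txt" "$1/mirror/escape-abs"
}
```

Run `find_escaping_symlinks /path/to/mirror` against the directory the HTTP server exports; any line it prints is a path the web server may be following out of the tree.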