Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1
From: Paul Slootman <paul@debian.org>
Date: Fri, 15 Mar 2019 11:23:39 +0100
Message-id: <[🔎] 155264541946.15730.14674871842467557794.reportbug@wurtel-ws.home.wurtel.net>
Reply-to: Paul Slootman <paul@debian.org>, 924642@bugs.debian.org

Package: release.debian.org
Severity: normal
Tags: stretch
User: release.debian.org@packages.debian.org
Usertags: pu

There are a couple of CVEs that have been fixed by 3.1.2-1+deb9u2.
After discussing this with a member of the security team it was not
considered important enough to warrant a DSA, but it would be good if it
could be included in a point release for stretch.

The changelog is:

  * Apply CVEs from 2016 to the zlib code.
    closes:#924509

The only change was the addition of 4 patches to the zlib code.

The uploaded version was compiled on a stretch system.

Thanks!
Paul

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.17.6-wurtel-ws (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Reply to:

Follow-Ups:
- Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
- Processed: Re: Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#924641: unblock: rsync/3.1.3-6
Next by Date: Bug#924157: marked as done (RM: openhft-chronicle-threads/1.1.6-1)
Previous by thread: Bug#924641: marked as done (unblock: rsync/3.1.3-6)
Next by thread: Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1
Index(es):
- Date
- Thread