[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#924642: stretch-pu: package rsync/3.1.2-1+deb9u1

On Sun, 2019-03-31 at 19:57 +0100, Adam D. Barratt wrote:
> Control: tags -1 + moreinfo
> 
> On Fri, 2019-03-15 at 11:23 +0100, Paul Slootman wrote:
> > There are a couple of CVEs that have been fixed by 3.1.2-1+deb9u2.
> > After discussing this with a member of the security team it was not
> > considered important enough to warrant a DSA, but it would be good
> > if
> > it
> > could be included in a point release for stretch.
> > 
> > The changelog is:
> > 
> >   * Apply CVEs from 2016 to the zlib code.
> >     closes:#924509
> > 
> > The only change was the addition of 4 patches to the zlib code.
> > 
> > The uploaded version was compiled on a stretch system.
> > 
> 
> There doesn't appear to be an uploaded version anywhere that I can
> see.

Because:

Mar 15 10:54:14 /rsync_3.1.2-1+deb9u2_amd64.changes has bad PGP/GnuPG
signature!

> Please attach a source debdiff to this report.

Regards,

Adam
Reply to: