[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [WSO Core #5325] [SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access

reopen 265662
tags 265662 + sarge

On Thu, Aug 19, 2004 at 10:23:56 +0200, Jan Wagner wrote:
> Does anybody know, if rsync 2.6.2-3 will reach sarge before it is
> released?

The current status: http://bjorn.haxx.se/debian/testing.pl?package=rsync :
	trying to update rsync from 2.6.2-2 to 2.6.2-3 (candidate is 4 days old)
	rsync is not yet built on arm: 2.6.2-2 vs 2.6.2-3
and rsync is in the "needs build" queue for ARM indeed (see
http://www.buildd.net/buildd/arm_needs-build.txt). ARM is currently the port
that has the most problems keeping up (see
http://buildd.debian.org/stats/graph2-week-big.png), so it may take some
time yet before a fixed rsync is available for ARM, after which the fixed
package can percolate into sarge.

> If not, the Security hole will be open until the Security Team will be
> release a fixed package.

Adjusting the relevant report's status accordingly,
"When you are finished spreading joy on Christmas Eve, come and kick back
with me and Erwin for a while. [...] We'll provide the cocoa and cookies,
and we'll even teach you how to play Quake."
	From the Dust Puppy's letter to Santa Claus.

Reply to: