Re: [WSO Core #5325] [SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access
tags 265662 + sarge
On Thu, Aug 19, 2004 at 10:23:56 +0200, Jan Wagner wrote:
> Does anybody know, if rsync 2.6.2-3 will reach sarge before it is
The current status: http://bjorn.haxx.se/debian/testing.pl?package=rsync :
trying to update rsync from 2.6.2-2 to 2.6.2-3 (candidate is 4 days old)
rsync is not yet built on arm: 2.6.2-2 vs 2.6.2-3
and rsync is in the "needs build" queue for ARM indeed (see
http://www.buildd.net/buildd/arm_needs-build.txt). ARM is currently the port
that has the most problems keeping up (see
http://buildd.debian.org/stats/graph2-week-big.png), so it may take some
time yet before a fixed rsync is available for ARM, after which the fixed
package can percolate into sarge.
> If not, the Security hole will be open until the Security Team will be
> release a fixed package.
Adjusting the relevant report's status accordingly,
"When you are finished spreading joy on Christmas Eve, come and kick back
with me and Erwin for a while. [...] We'll provide the cocoa and cookies,
and we'll even teach you how to play Quake."
From the Dust Puppy's letter to Santa Claus.