Re: [DSA 1360-1] New rsync packages fix arbitrary code execution
-----BEGIN PGP SIGNED MESSAGE-----
Steve Kemp un jour écrivit:
> Sebastian Krahmer discovered that rsync, a fast remote file copy
> program, contains an off-by-one error which might allow remote
> attackers to execute arbitary code via long directory names.
> For the stable distribution (etch), this problem has been fixed
> in version 2.6.9-2etch1.
> Debian GNU/Linux 4.0 alias etch
> - --------------------------------
> Stable updates are available for alpha, amd64, arm, hppa, i386,
> ia64, mips, mipsel, powerpc, s390 and sparc.
There is no updated packages for Debian Etch PowerPC, contrarily
to what is stated on the previous line.
In case sec.deb.org/dists/etch/updates/main/binary-powerpc/Packages.gz
would not have been up to date, I searched in the email for the direct
link to the rsync_2.6.9-2etch1_powerpc.deb file, but realized the
whole section was also missing in the advisory.
Actually, the file have not been uploaded at all on security.debian.org
Is there again a problem with the build host or something?
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Linux PPC)
-----END PGP SIGNATURE-----