
Re: [DSA 1360-1] New rsync packages fix arbitrary code execution



-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Steve Kemp once wrote:
>
> Sebastian Krahmer discovered that rsync, a fast remote file copy
> program, contains an off-by-one error which might allow remote
> attackers to execute arbitrary code via long directory names.
>
> For the stable distribution (etch), this problem has been fixed
> in version 2.6.9-2etch1.
>

> Debian GNU/Linux 4.0 alias etch
> - --------------------------------
>
> Stable updates are available for alpha, amd64, arm, hppa, i386,
> ia64, mips, mipsel, powerpc, s390 and sparc.
>

  There are no updated packages for Debian Etch PowerPC, contrary
to what is stated on the previous line.


  In case sec.deb.org/dists/etch/updates/main/binary-powerpc/Packages.gz
was not up to date, I searched the email for the direct
link to the rsync_2.6.9-2etch1_powerpc.deb file, but realized the
whole section was also missing from the advisory.

Actually, the file has not been uploaded at all to security.debian.org.


  Is there again a problem with the build host or something?


Simon Valiquette


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (Linux PPC)

iD8DBQFG1HZDJPE+P+aMAJIRAwJPAKCmLg7fUG0YSywkQexoPL+L3JpQtACgs20s
DuKsOulPJx4bGfArpN101zE=
=yuFl
-----END PGP SIGNATURE-----


