Univention Bugzilla – Bug 54176
rsync: Multiple issues (4.4)
Last modified: 2021-12-01 16:07:24 CET
New Debian rsync 3.1.2-1+deb9u3A~4.4.8.202112011122 fixes: This update addresses the following issue: * sanitization bypass in parse_argument in options.c (CVE-2018-5764)
--- mirror/ftp/4.4/unmaintained/4.4-1/source/rsync_3.1.2-1+deb9u2A~4.3.4.201904290751.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/rsync_3.1.2-1+deb9u3A~4.4.8.202112011122.dsc @@ -1,7 +1,14 @@ -3.1.2-1+deb9u2A~4.3.4.201904290751 [Mon, 29 Apr 2019 07:56:17 +0200] Univention builddaemon <buildd@univention.de>: +3.1.2-1+deb9u3A~4.4.8.202112011122 [Wed, 01 Dec 2021 11:29:21 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01_dirs_update_option + +3.1.2-1+deb9u3 [Mon, 29 Nov 2021 23:19:20 +0200] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + * CVE-2018-5764: Remote attackers were able to bypass the + argument-sanitization protection mechanism by passing + additional --protect-args. 3.1.2-1+deb9u2 [Fri, 15 Mar 2019 11:39:50 +0100] Paul Slootman <paul@debian.org>: <http://piuparts.knut.univention.de/4.4-8/#7455176244862979314>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 99dd174ba5 Bug #54176: rsync 3.1.2-1+deb9u3A~4.4.8.202112011122 doc/errata/staging/rsync.yaml | 12 ++++++++++++ 1 file changed, 12 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1115>