Univention Bugzilla – Full Text Bug Listing |
Summary: | rsync: Multiple issues (4.2) | ||
---|---|---|---|
Product: | UCS | Reporter: | Quality Assurance <qa> |
Component: | Security updates | Assignee: | Quality Assurance <qa> |
Status: | CLOSED FIXED | QA Contact: | Philipp Hahn <hahn> |
Severity: | normal | ||
Priority: | P3 | ||
Version: | UCS 4.2 | ||
Target Milestone: | UCS 4.2-5-errata | ||
Hardware: | All | ||
OS: | Linux | ||
What kind of report is it?: | Security Issue | What type of bug is this?: | --- |
Who will be affected by this bug?: | --- | How will those affected feel about the bug?: | --- |
User Pain: | Enterprise Customer affected?: | ||
School Customer affected?: | ISV affected?: | ||
Waiting Support: | Flags outvoted (downgraded) after PO Review: | ||
Ticket number: | Bug group (optional): | ||
Max CVSS v3 score: | 6.3 (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L) |
Description
Quality Assurance
2019-03-26 08:04:21 CET
--- mirror/ftp/4.2/unmaintained/4.2-4/source/rsync_3.1.1-3+deb8u1A~4.2.3.201801251012.dsc +++ apt/ucs_4.2-0-errata4.2-5/source/rsync_3.1.1-3+deb8u2A~4.2.5.201903260804.dsc @@ -1,7 +1,26 @@ -3.1.1-3+deb8u1A~4.2.3.201801251012 [Thu, 25 Jan 2018 10:20:24 +0100] Univention builddaemon <buildd@univention.de>: +3.1.1-3+deb8u2A~4.2.5.201903260804 [Tue, 26 Mar 2019 08:04:31 +0100] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01_dirs_update_option + +3.1.1-3+deb8u2 [Sun, 24 Mar 2019 19:03:02 +0100] Thorsten Alteholz <debian@alteholz.de>: + + * Non-maintainer upload by the LTS Team. + * CVE-2016-9840 + In order to avoid undefined behavior, remove offset pointer + optimization, as this is not compliant with the C standard. + * CVE-2016-9841 + Only use post-increment to be compliant with the C standard. + * CVE-2016-9842 + In order to avoid undefined behavior, do not shift negative values, + as this is not compliant with the C standard. + * CVE-2016-9843 + In order to avoid undefined behavior, do not pre-decrement a pointer in + big-endian CRC calculation, as this is not compliant with the C standard. + * CVE-2018-5764 + Prevent remote attackers from being able to bypass the + argument-sanitization protection mechanism by ignoring --protect-args + when already sent by client. 3.1.1-3+deb8u1 [Sun, 10 Dec 2017 14:08:49 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.2-5/#2975977654560436824> OK: yaml OK: announce_errata OK: patch OK: piuparts [4.2-5] ca5e62dd3f Bug #49093: rsync 3.1.1-3+deb8u2A~4.2.5.201903260804 doc/errata/staging/rsync.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) [4.2-5] 99950126ff Bug #49093: rsync 3.1.1-3+deb8u2A~4.2.5.201903260804 doc/errata/staging/rsync.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) |