Univention Bugzilla – Bug 49371
rsync: Multiple issues (4.4)
Last modified: 2019-05-02 13:22:27 CEST
New Debian rsync 3.1.2-1+deb9u2A~4.4.0.201904290813 fixes: This update addresses the following issues: * Out-of-bounds pointer arithmetic in inffast.c (CVE-2016-9841) * Undefined left shift of negative number (CVE-2016-9842) * Big-endian out-of-bounds pointer (CVE-2016-9843)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/rsync_3.1.2-1+deb9u1A~4.3.0.201712221514.dsc +++ apt/ucs_4.4-0-errata4.4-0/source/rsync_3.1.2-1+deb9u2A~4.3.4.201904290751.dsc @@ -1,7 +1,12 @@ -3.1.2-1+deb9u1A~4.3.0.201712221514 [Fri, 22 Dec 2017 15:15:10 +0100] Univention builddaemon <buildd@univention.de>: +3.1.2-1+deb9u2A~4.3.4.201904290751 [Mon, 29 Apr 2019 07:56:17 +0200] Univention builddaemon <buildd@univention.de>: * UCS auto build. The following patches have been applied to the original source package 01_dirs_update_option + +3.1.2-1+deb9u2 [Fri, 15 Mar 2019 11:39:50 +0100] Paul Slootman <paul@debian.org>: + + * Apply CVEs from 2016 to the zlib code. + closes:#924509 3.1.2-1+deb9u1 [Sun, 10 Dec 2017 13:57:17 +0100] Salvatore Bonaccorso <carnil@debian.org>: <http://10.200.17.11/4.4-0/#2810444241190601521>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-0] 617a68c11d Bug #49371: rsync 3.1.2-1+deb9u2A~4.3.4.201904290751 doc/errata/staging/rsync.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+)
<http://errata.software-univention.de/ucs/4.4/67.html>