-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 18 Dec 2024 17:11:25 +0100
Source: rsync
Architecture: source
Version: 3.2.7-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Paul Slootman <
paul@debian.org>
Changed-By: Salvatore Bonaccorso <
carnil@debian.org>
Changes:
rsync (3.2.7-1+deb12u1) bookworm-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* Some checksum buffer fixes. (CVE-2024-12084)
* Another cast when multiplying integers. (CVE-2024-12084)
* prevent information leak off the stack (CVE-2024-12085)
* refuse fuzzy options when fuzzy not selected (CVE-2024-12086)
* added secure_relative_open() (CVE-2024-12086)
* receiver: use secure_relative_open() for basis file (CVE-2024-12086)
* disallow ../ elements in relpath for secure_relative_open (CVE-2024-12086)
* Refuse a duplicate dirlist. (CVE-2024-12087)
* range check dir_ndx before use (CVE-2024-12087)
* make --safe-links stricter (CVE-2024-12088)
* fixed symlink race condition in sender (CVE-2024-12747)
* raise protocol version to 32
Checksums-Sha1:
7051b58d340034be5a808b72d36c4d81e48d2dae 2476 rsync_3.2.7-1+deb12u1.dsc
0729ee0cd5e7e609510583ce4768a6170a7a9de7 1149787 rsync_3.2.7.orig.tar.gz
86d55b75f7529d20965e5482770d2d5414022745 195 rsync_3.2.7.orig.tar.gz.asc
d7285b57a6d7e4c2818cd7ca26fc2a3350a19633 35140 rsync_3.2.7-1+deb12u1.debian.tar.xz
a05e09d533db998eb641fe42165e9be2004ef603 7110 rsync_3.2.7-1+deb12u1_source.buildinfo
Checksums-Sha256:
899d7765e127ccf712ba71d45f750162bd15ac97ba3bd39180487ebabed39ce6 2476 rsync_3.2.7-1+deb12u1.dsc
4e7d9d3f6ed10878c58c5fb724a67dacf4b6aac7340b13e488fb2dc41346f2bb 1149787 rsync_3.2.7.orig.tar.gz
8e054b8e852f371fbcb757de51f1a07de5621ae959ea766d3c3e5439d7b5f4ae 195 rsync_3.2.7.orig.tar.gz.asc
cdbfcddc0e9f3193f2996a58f43162147cbc9b6597899c09213ba55ee5efb503 35140 rsync_3.2.7-1+deb12u1.debian.tar.xz
d20f98fd9c0a3da4a5f347ca6007fccaefefe3e3d31b8206c34e277421e01928 7110 rsync_3.2.7-1+deb12u1_source.buildinfo
Files:
0581e61ba6d5a3cac3289bcbb64618d8 2476 net optional rsync_3.2.7-1+deb12u1.dsc
f216f350ef56b9ba61bc313cb6ec2ed6 1149787 net optional rsync_3.2.7.orig.tar.gz
e133a77fbb1dca548863a7f0543b8087 195 net optional rsync_3.2.7.orig.tar.gz.asc
ca88e4e7d9b9e41324fdb79e48c12bb1 35140 net optional rsync_3.2.7-1+deb12u1.debian.tar.xz
baae17669302d5a4b1fb269a4b228ddc 7110 net optional rsync_3.2.7-1+deb12u1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmdi/uBfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89E9D0P/j+jUBhQ8rP9CPv7TODuN+upaXBEadnU yygtJ7bLx6wzyCcaRy6QvgLxc3Z/s4NBzHLsBLvimjO5zVwUhOxgd4erg/e5NWTv Q8nmo2EkNpcp9vd7ocvuYvWw1KAwYpIVMH/kaNBaOMZwezaOpEG/efFYBinegKff +Ms7f+Omnz6qQUgRuxMuA3FsXN0J8XplR6XHW26vl97XNEjA3b+CfNpZM8pD0Dsq S8HcHt2O9nCFHJMSKPl1Xvu0sPpHjN8rhM7xhlfvAG9lpKfsFf9c0+In2qgPAoCu uwvW4/bkQjNm5lwpNOzi98gooKI8sjCpeKIix0WxpXwmYEncMQoDzsHLgvXzNRuk kKdbn4zmIFQB1lNU8BgM22v6Xa6gJ440Pbpy+SQcu5GMo2S+P8U1WRAyblCm7FfH KR55oD9odtUJpj+jZ0oJlEaALYMU2CARVDMZBGjNMQVHyKoc+S1X5saxN/pGXqWr 9h1uKvdf+L1GtT9R08lY2GmVkBKszvln9+xSYM9obHUPWVXI+6SHPiFgNGD7rNtQ sNedRL/izA2eI/lKjD1M72mw1D3nDby6oY0q1BB4YiS/EC9xNe/QsPM3cm38LJsq 6zKEW7pHd9qAjkRMO4DWfFJeHg7oZ+uUPSbWyk3pIIklWDvNktTnBj/w508HQtWB
1jgbh9CYQRCO
=TKh/
-----END PGP SIGNATURE-----
--==============630955818287936820=Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
iHUEABYIAB0WIQTziqJOuF8J+ZI8pJSb9qggYcy5IQUCZ4enRAAKCRCb9qggYcy5 ITw8AQCuTFfH/ZTVOEeEm3zfIvOv1e6n5gpHnoftqZaQIcgHlgEAz5/kd8npxARP LX1SdpTdeDiewbaabTYcfepn4qsWOAE=FjlH
-----END PGP SIGNATURE-----
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)