Updated rsync (2.6.9 -> 3.0.0) : SECURITY - CRITICAL

CVE-2007-4091 (Medium) : Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. CVE-2007-6199 (High) : rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6200 (High) : Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.
17 years ago · 1d7aa0267a
1 changed files with 3 additions and 3 deletions
--- a/network/rsync/rsync.desc
+++ b/network/rsync/rsync.desc
@ -3,7 +3,7 @@
 [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
 [COPY]
 [COPY] Filename: package/.../rsync/rsync.desc
-[COPY] Copyright (C) 2006 The OpenSDE Project
+[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project
 [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project
 [COPY] Copyright (C) 1998 - 2004 Clifford Wolf
 [COPY]
@ -37,8 +37,8 @@

 [L] GPL
 [S] Stable
-[V] 2.6.9
+[V] 3.0.0
 [P] X -?---5---9 118.200

-[D] 2975072070 rsync-2.6.9.tar.gz http://rsync.samba.org/ftp/rsync/
+[D] 1699870363 rsync-3.0.0.tar.gz http://rsync.samba.org/ftp/rsync/