From 1d7aa0267aee2815e6999ed0b5ec62ffe7fb06da Mon Sep 17 00:00:00 2001 From: Aldas Nabazas Date: Mon, 3 Mar 2008 08:51:48 +0100 Subject: [PATCH] Updated rsync (2.6.9 -> 3.0.0) : SECURITY - CRITICAL CVE-2007-4091 (Medium) : Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. CVE-2007-6199 (High) : rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy. CVE-2007-6200 (High) : Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options. --- network/rsync/rsync.desc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/network/rsync/rsync.desc b/network/rsync/rsync.desc index 86145d2d4..9d8a7897c 100644 --- a/network/rsync/rsync.desc +++ b/network/rsync/rsync.desc @@ -3,7 +3,7 @@ [COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch. [COPY] [COPY] Filename: package/.../rsync/rsync.desc -[COPY] Copyright (C) 2006 The OpenSDE Project +[COPY] Copyright (C) 2006 - 2008 The OpenSDE Project [COPY] Copyright (C) 2004 - 2006 The T2 SDE Project [COPY] Copyright (C) 1998 - 2004 Clifford Wolf [COPY] @@ -37,8 +37,8 @@ [L] GPL [S] Stable -[V] 2.6.9 +[V] 3.0.0 [P] X -?---5---9 118.200 -[D] 2975072070 rsync-2.6.9.tar.gz http://rsync.samba.org/ftp/rsync/ +[D] 1699870363 rsync-3.0.0.tar.gz http://rsync.samba.org/ftp/rsync/
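Review bot: In the first hunk (rsync.desc header, @@ -3,7 +3,7 @@), the edited copyright line sits inside the [COPY] block that is marked as auto-generated by ./scripts/Create-CopyPatch. Confirm that the "2006 - 2008" range was produced by rerunning that script rather than by a hand edit, so the next regeneration does not revert or reformat it.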
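Review bot: In the second hunk (@@ -37,8 +37,8 @@), the new [D] line identifies rsync-3.0.0.tar.gz only by the short numeric checksum 1699870363, and the download base is plain http://rsync.samba.org/ftp/rsync/, so nothing visible in this change ties the tarball to upstream's release in a tamper-evident way. Since the commit message marks this as a critical security update, it should say how the tarball was verified (for example against an upstream signature or a strong hash, where one is available) before the checksum was recorded. The message also gives fixed-in versions only for CVE-2007-6199 and CVE-2007-6200 (before 3.0.0pre6); a short statement that 3.0.0 also contains the fix for CVE-2007-4091 would make the [V] bump self-justifying.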