Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#44175 - [librsync][CVE-2014-8242]MD4 collision file corruption
Attached to Project:
Community Packages
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:29 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 16 March 2015, 00:16 GMT
Opened by Christian Rebischke (Shibumi) - Friday, 13 March 2015, 15:29 GMT
Last edited by Evangelos Foutras (foutrelis) - Monday, 16 March 2015, 00:16 GMT
|
DetailsSummary
======= Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync. References =========== https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-8242 http://www.openwall.com/lists/oss-security/2014/07/28/1 http://www.openwall.com/lists/oss-security/2014/10/13/2 |
This task depends upon
Closed by Evangelos Foutras (foutrelis)
Monday, 16 March 2015, 00:16 GMT
Reason for closing: Fixed
Additional comments about closing: librsync 1.0.0-1
Monday, 16 March 2015, 00:16 GMT
Reason for closing: Fixed
Additional comments about closing: librsync 1.0.0-1
I'll close this task once it moves to [community].