FS#75486 - [security] [rsync] CVE-2022-29154

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 02 August 2022, 03:19 GMT
Last edited by Christian Hesse (eworm) - Thursday, 04 August 2022, 10:12 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To Jelle van der Waa (jelly)
Christian Hesse (eworm)
Architecture All
Severity High
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No


The rsync package is vulnerable to CVE-2022-29154, which is not yet in a non-preview release. The attached diff applies the upstream commit to fix it.

Additional info:
This task depends upon

Closed by  Christian Hesse (eworm)
Thursday, 04 August 2022, 10:12 GMT
Reason for closing:  Fixed
Additional comments about closing:  rsync 3.2.4-2
Comment by T.J. Townsend (blakkheim) - Wednesday, 03 August 2022, 22:15 GMT
Alternate version that uses an in-tree patch if that's preferred.
Comment by Christian Hesse (eworm) - Thursday, 04 August 2022, 10:12 GMT
Neither of both, let's take it straight from git. ;)