FS#75486 - [security] [rsync] CVE-2022-29154

Attached to Project: Arch Linux
Opened by T.J. Townsend (blakkheim) - Tuesday, 02 August 2022, 03:19 GMT
Last edited by Christian Hesse (eworm) - Thursday, 04 August 2022, 10:12 GMT
Task Type: Bug Report
Category: Packages: Extra
Status: Closed
Assigned To: Jelle van der Waa (jelly), Christian Hesse (eworm)
Architecture: All
Severity: High
Priority: Normal
Reported Version:
Due in Version: Undecided
Due Date: Undecided
Percent Complete: 100%
Votes: 1
Private: No

Details

Description:
The rsync package is vulnerable to CVE-2022-29154, which is not yet in a non-preview release. The attached diff applies the upstream commit to fix it.

Additional info:
https://rsync.samba.org/ftp/rsync/NEWS#SECURITY_FIXES-3.2.5
https://github.com/WayneD/rsync/commit/b7231c7d02cfb65d291af74ff66e7d8c507ee871

Closed by Christian Hesse (eworm)
Thursday, 04 August 2022, 10:12 GMT
Reason for closing: Fixed
Additional comments about closing: rsync 3.2.4-2
Comment by T.J. Townsend (blakkheim) - Wednesday, 03 August 2022, 22:15 GMT
Alternate version that uses an in-tree patch if that's preferred.
Comment by Christian Hesse (eworm) - Thursday, 04 August 2022, 10:12 GMT
Neither of the two, let's take it straight from git. ;)
