Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#8164 - Security bug in rsync
Attached to Project:
Arch Linux
Opened by Hussam Al-Tayeb (hussam) - Saturday, 29 September 2007, 21:57 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 30 September 2007, 10:59 GMT
Opened by Hussam Al-Tayeb (hussam) - Saturday, 29 September 2007, 21:57 GMT
Last edited by Tobias Powalowski (tpowa) - Sunday, 30 September 2007, 10:59 GMT
|
Details http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
"Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function. " I'll attach the suse fix. |
This task depends upon
Comment by Hussam Al-Tayeb (hussam) -
Saturday, 29 September 2007, 21:58 GMT
Attached suse fix for this issue.
rsync-2.6.9-fname-obo.diff
(1.3 KiB)