On Mon 01 May 2006, Jay Kline wrote:

> Package: rsync
> Version: 2.6.4-6
> Severity: grave
> Tags: security
> Justification: user security hole
> 
> 
> Integer overflow in the receive_xattr function in the extended
> attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers
> to execute arbitrary code via crafted extended attributes that trigger a
> buffer overflow.

Do you have reason to believe that Debian's rsync 2.6.4-6 has that patch
applied?


Paul Slootman

