Hi!
I was pointed to rsync CVE-2022-29154 and noted that both Debian and Ubuntu didn't apply the fix on
the security repos. From what I can tell they've been treated as mild, seemingly in part due to an
assumption that clients rarely fetch data from untrusted servers?
At least in the context
Hi Samuel,
On Tue, Aug 02, 2022 at 09:30:07PM +0100, Samuel Henrique wrote:
> Hello Salvatore, thanks for reporting this.
>
> I've been following the discussions around this during the day and I
> did notice there were multiple commits related to it indeed.
>
> My take so far is that we should w
Hello Salvatore, thanks for reporting this.
I've been following the discussions around this during the day and I
did notice there were multiple commits related to it indeed.
My take so far is that we should wait a bit before releasing the fix
on unstable, as there might be regressions in the fix
Source: rsync
Version: 3.2.4-1
Severity: important
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team
Hi,
The following vulnerability was published for rsync.
CVE-2022-29154[0]:
| An issue was discovered in rsync before 3.2.5 that allows malicious
| remote servers to
4 matches
Mail list logo
