[packages/rsync] SECURITY fixes.

arekm arekm at pld-linux.org
Thu Jan 16 01:59:13 CET 2025


commit 7b64530e5c58cb348cf93e278a2d8572478b1319
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date:   Thu Jan 16 00:02:18 2025 +0100

    SECURITY fixes.
    
    3.4.0 fixes:
    - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing.
    - CVE-2024-12085 - Info Leak via uninitialized Stack contents
    defeats ASLR.
    - CVE-2024-12086 - Server leaks arbitrary client files.
    - CVE-2024-12087 - Server can make client write files outside of
    destination directory using symbolic links.
    - CVE-2024-12088 - safe-links Bypass.
    - CVE-2024-12747 - symlink race condition.

 rsync.spec | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
---
diff --git a/rsync.spec b/rsync.spec
index 4ed6eb8..44a4d62 100644
--- a/rsync.spec
+++ b/rsync.spec
@@ -17,15 +17,15 @@ Summary(uk.UTF-8):	Програма для ефективного віддале
 Summary(zh_CN.UTF-8):	[通讯]传输工具
 Summary(zh_TW.UTF-8):	[喙啪]$(B6G?i火(c(B
 Name:		rsync
-Version:	3.3.0
+Version:	3.4.1
 Release:	1
 Epoch:		1
 License:	GPL v3+
 Group:		Networking/Utilities
-Source0:	https://rsync.samba.org/ftp/rsync/%{name}-%{version}.tar.gz
-# Source0-md5:	f5c17f9c9164ef9e60d9d8c96b23da06
-Source1:	https://rsync.samba.org/ftp/rsync/%{name}-patches-%{version}.tar.gz
-# Source1-md5:	68e78b9d6aaf1e58f018685513b5a0c3
+Source0:	https://download.samba.org/pub/rsync/src/%{name}-%{version}.tar.gz
+# Source0-md5:	04ce67866db04fd7a1cde0b78168406e
+Source1:	https://download.samba.org/pub/rsync/%{name}-patches-%{version}.tar.gz
+# Source1-md5:	cd0e33668013a7bdf36486b262921ab8
 Source2:	%{name}.inet
 Source3:	%{name}.init
 Source4:	%{name}.sysconfig
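Review bot: On the new Source0/Source1 lines, the two URLs point at different directories on download.samba.org (Source0 under /pub/rsync/src/, Source1 under /pub/rsync/ with no src/), whereas the removed pair shared one directory; please confirm that the patches tarball really resolves at that path. The only integrity pin for either tarball is the "# Source0-md5:" / "# Source1-md5:" comment, and MD5 is not collision resistant, so for a security update it is worth checking both downloads against an upstream signature or a stronger digest, if one is available, before recording the new md5 values. The commit message lists the CVEs as fixed in 3.4.0 while the spec moves from 3.3.0 to 3.4.1; a line in the message saying why 3.4.1 was packaged would help anyone auditing this bump later.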
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/rsync.git/commitdiff/7b64530e5c58cb348cf93e278a2d8572478b1319


