Debian Package Tracker

From: Thorsten Alteholz <debian@alteholz.de>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted rsync 3.1.1-3+deb8u2 (source amd64) into oldstable
Date: Sun, 24 Mar 2019 18:50:13 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 24 Mar 2019 19:03:02 +0100
Source: rsync
Binary: rsync
Architecture: source amd64
Version: 3.1.1-3+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.1.1-3+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2016-9840
     In order to avoid undefined behavior, remove offset pointer
     optimization, as this is not compliant with the C standard.
   * CVE-2016-9841
     Only use post-increment to be compliant with the C standard.
   * CVE-2016-9842
     In order to avoid undefined behavior, do not shift negative values,
     as this is not compliant with the C standard.
   * CVE-2016-9843
     In order to avoid undefined behavior, do not pre-decrement a pointer in
     big-endian CRC calculation, as this is not compliant with the C standard.
   * CVE-2018-5764
     Prevent remote attackers from being able to bypass the
     argument-sanitization protection mechanism by ignoring --protect-args
     when already sent by client.
Checksums-Sha1:
 98780678ddd57100dc4ec73b28dd99c66b0dc222 1877 rsync_3.1.1-3+deb8u2.dsc
 c84faba04f721d393feccfa0476bfeed9b5b5250 890124 rsync_3.1.1.orig.tar.gz
 b228ca764840c15e9df32d3e5d129d322e5a8126 26352 rsync_3.1.1-3+deb8u2.debian.tar.xz
 7df26080afc4498fd2c0576afbba66d80f0c8d46 390126 rsync_3.1.1-3+deb8u2_amd64.deb
Checksums-Sha256:
 6594fe1394317b5da0145ad3fa793d1fdc2796412d2debd306c9b3f2e61c1cd2 1877 rsync_3.1.1-3+deb8u2.dsc
 7de4364fcf5fe42f3bdb514417f1c40d10bbca896abe7e7f2c581c6ea08a2621 890124 rsync_3.1.1.orig.tar.gz
 79b5b67ec75cd91c21ccd5b2c54b6122425ce14cca7b60cefa8b96e5f2288875 26352 rsync_3.1.1-3+deb8u2.debian.tar.xz
 54c11e2b8e06aeb51445e208ea6e1e41f7ed4d9395340ec08a1e6ea7625d079e 390126 rsync_3.1.1-3+deb8u2_amd64.deb
Files:
 51f232bf002d97eb5f93e10f6d7bddd3 1877 net optional rsync_3.1.1-3+deb8u2.dsc
 43bd6676f0b404326eee2d63be3cdcfe 890124 net optional rsync_3.1.1.orig.tar.gz
 65678ac5e2073306774e61976a4ce70f 26352 net optional rsync_3.1.1-3+deb8u2.debian.tar.xz
 8c879a27f8e4dff177b5ba591479e7bf 390126 net optional rsync_3.1.1-3+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAlyXzS1fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYRwxYD/9mwmb8uRJ/j2uTPQQnBj2swzKSsJ+K
a8zOP2UNffugzfsBUP8uLeXvyVghsDL1q1mWIQhujQtxmd1Da1sWsEFRsQhfKAj2
m0zn3oeo8jz+gRsPm99kJyorMx+PzRdhgosEZQYb2HVQr3pX3eX2yebb/MSF1S1m
lSSXPF8GkcAfprVYBFy+aGAzobpTOY/ZYSEC0FXEKtcNVLS9UnkwlsHHGbycfsLv
Dt4FVI075k1itikq2BRdv+H1zlAWfPdwNST3N9CX9NZiugQFSPu/nQsZzNtb8BXA
KmXwSNH8fnqusfMC6fCuZGyjqEpT7SGfi2L+B6lMFse5a1iK9LFmO163GjSH6ZJq
q7J9MWaesk0F/wQeErqQpYOAtDLKOXlpD2c9g3YIM8VS0zxBrAiHYd1GGS6LQX0k
sHhFEfT0vrLI2VzZjWPfoVLIB8on6bmbVw8nfpgTmscNhJqQxWDzVZsGufBeaPpX
zHwQDcy+thogVp01WOVjakezVZ8P2szA6blogizEsWtkOOSGXRLS7z8DkkDsT0MK
0Q875GXr/5QoQZq3dJ1WrcHXtaBe4HonBMCDLjxLTuEO57iP0c+htLExvNHXVGqd
cOuJAJBSHS7MuXHPVWLx3pEH/HcqQIoWBgAWhLXCLqtGdugVOu8P7NYagc23SmL9
NsQvSx5jWacfAg==
=VYBw
-----END PGP SIGNATURE-----
News for package rsync
