Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted rsync 3.3.0+ds1-3 (source) into unstable
Date: Tue, 14 Jan 2025 18:49:18 +0000
Signed by: Samuel Henrique <samueloph@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jan 2025 15:40:14 +0000
Source: rsync
Architecture: source
Version: 3.3.0+ds1-3
Distribution: unstable
Urgency: critical
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Samuel Henrique <samueloph@debian.org>
Changes:
 rsync (3.3.0+ds1-3) unstable; urgency=critical
 .
   * Import upstream patches for CVE-2024-12084, CVE-2024-12085,
     CVE-2024-12086, CVE-2024-12087, CVE-2024-12088, CVE-2024-12747
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12084
        ~ 0001-Some-checksum-buffer-fixes.patch
        ~ 0002-Another-cast-when-multiplying-integers.patch
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12085
        ~ 0001-prevent-information-leak-off-the-stack.patch
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12086
        ~ 0001-refuse-fuzzy-options-when-fuzzy-not-selected.patch
        ~ 0002-added-secure_relative_open.patch
        ~ 0003-receiver-use-secure_relative_open-for-basis-file.patch
        ~ 0004-disallow-.-elements-in-relpath-for-secure_relative_o.patch
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12087
        ~ 0001-Refuse-a-duplicate-dirlist.patch
        ~ 0002-range-check-dir_ndx-before-use.patch
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12088
        ~ 0001-make-safe-links-stricter.patch
      - d/p/rsync-upstream-CVE-patches-v3/CVE-2024-12747
        ~ 0001-fixed-symlink-race-condition-in-sender.patch
      - d/p/rsync-upstream-CVE-patches-v3/version_update
        ~ 0001-raise-protocol-version-to-32.patch
        ~ 0002-change-version-to-3.4.0.patch
        ~ 0003-update-NEWS-for-3.4.0.patch
Checksums-Sha1:
 648f635c7507cd0be66707159a915b9f0d9fe08f 2077 rsync_3.3.0+ds1-3.dsc
 839a1ac7c4425d10032976b55e5c7811931d007d 985730 rsync_3.3.0+ds1.orig.tar.gz
 c462aa23238d2d09f3a8f56e635514ab8f3f2c37 39272 rsync_3.3.0+ds1-3.debian.tar.xz
 5bd7a1df817d889b4af0766a63704d554f267b9d 6809 rsync_3.3.0+ds1-3_amd64.buildinfo
Checksums-Sha256:
 2f4178f929951b764450fc245330c6655a560017c101b8de455660085ce83e59 2077 rsync_3.3.0+ds1-3.dsc
 8f528f7be28a1b46200b420be8e8cf9e47a61402b3105962ac2ad777ba56aaa2 985730 rsync_3.3.0+ds1.orig.tar.gz
 cff608a34a78edfdffdd29fdc18daaa5de24efe14b5d6b3f3543a1752e25bd82 39272 rsync_3.3.0+ds1-3.debian.tar.xz
 58986c85a08a0d8a0198332701bcf0f336cef49acf42213a0a3f58778e458a3a 6809 rsync_3.3.0+ds1-3_amd64.buildinfo
Files:
 227888a4506ed2008f362f081ef0434a 2077 net optional rsync_3.3.0+ds1-3.dsc
 3d12d9dad0804e62046db7a099627231 985730 net optional rsync_3.3.0+ds1.orig.tar.gz
 1d267267fab469ceb9f25994014de737 39272 net optional rsync_3.3.0+ds1-3.debian.tar.xz
 172e5bbf5ec6c70f1467a3d659e44964 6809 net optional rsync_3.3.0+ds1-3_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEv66eMxqGenyA2Ot49OSs27jQi+AFAmeFc6QACgkQ9OSs27jQ
i+AxvBAAsD0IDkw0HUCYSC0Lv05miDMCeBMQUeS1S9aS9N4eY+iIfT+P1OMddj2x
K7B81UgQmCbCRZqYCwjFHUJTkQXjX4wC7/SvxLERpm5pifKLYDxri+JW1qCI/na8
tqsTS98M3GOy8j3gLJkaQlZ6lq4x/qHSvellyHnmMSmR0TQUPBO9/MNmRpN1dMQ+
knuboTh2E6yB9qFjJNq4ENDj3s1CdoBClolUM3cyrjuK8gBsfU23J7AfcNP6Ehoo
iAJeczyONTtKUXhovR7bibPBjRg2YFZXYOE7HTT9lyzOB0M0d6PlR8S8kHWA6wzZ
Oeulux5RxuWCStmax5yaWqwb8Sinnouh00ACLxorG5amzTDrxRqy1OZHTiXO91ya
YZVMoOcKwwu3I8dEBffP+hIA7JnmZ/I0QG2n0OdCtCHqg5pZszV9H+nk/53iXO3i
iy+bdXAs52WZslC+afo8UZHAsCRHaKHyBrIpeLwbL9fHfkL7F3yu57qZcxgrCaNK
XwfhlOoFPXr3K82nvJuqu/an+4zM0rwsTLI1FtqBFVUVWi/zRFXLCi6B1RUqtvyZ
MWnTpht/Bd8xuwTH5s8gyXxVTlsRqYsvtCg64FS9gHZs6PsM8ETviHkas9s061bU
7TOalYcsPMJu7t9TNItfCvY8R3zvE1KktfP5vThK8Bwi53/2UeU=
=5zm2
-----END PGP SIGNATURE-----
News for package rsync
