Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted rsync 3.2.3-4+deb11u2 (source) into oldstable-security
Date: Tue, 14 Jan 2025 19:10:22 +0000
Signed by: Thorsten Alteholz <alteholz@debian.org>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 12 Jan 2025 19:03:02 +0100
Source: rsync
Architecture: source
Version: 3.2.3-4+deb11u2
Distribution: bullseye-security
Urgency: high
Maintainer: Paul Slootman <paul@debian.org>
Changed-By: Thorsten Alteholz <debian@alteholz.de>
Changes:
 rsync (3.2.3-4+deb11u2) bullseye-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2024-12085
     prevent information leak off the stack
   * CVE-2024-12086
     - refuse fuzzy options when fuzzy not selected
     - added secure_relative_open()
     - receiver: use secure_relative_open() for basis file
     - disallow ../ elements in relpath for secure_relative_open
   * CVE-2024-12087
     - Refuse a duplicate dirlist.
     - range check dir_ndx before use
   * CVE-2024-12088
     make --safe-links stricter
   * CVE-2024-12747
     fixed symlink race condition in sender
Checksums-Sha1:
 46269bb5561daf8e31c0929630ffec9830db99d8 2422 rsync_3.2.3-4+deb11u2.dsc
 00823f43901e7da39f3f0daf20ec9efae47e959e 1069784 rsync_3.2.3.orig.tar.gz
 770d59f01d28374a3ff3603fefe524589a4f3237 195 rsync_3.2.3.orig.tar.gz.asc
 bf8a7b76a3adeeccbacf1a9793a37e16bef2fe6e 37460 rsync_3.2.3-4+deb11u2.debian.tar.xz
 6b6997b93c5ca0f2f49f2c542d86b188e0bd863b 6164 rsync_3.2.3-4+deb11u2_source.buildinfo
Checksums-Sha256:
 dc65d8ca2842eca447a698d0d29c9af31a3670bec2185324a155a9bfafe628c4 2422 rsync_3.2.3-4+deb11u2.dsc
 becc3c504ceea499f4167a260040ccf4d9f2ef9499ad5683c179a697146ce50e 1069784 rsync_3.2.3.orig.tar.gz
 2e363382a60e7faa6762f560756cc0f3b8116c313eea7fe5fbfc5fed5b2f4f74 195 rsync_3.2.3.orig.tar.gz.asc
 6258b12dbf727fa6daaf5b00ecd69866ecb50c0e9e7909a222a5cd75ac06ddab 37460 rsync_3.2.3-4+deb11u2.debian.tar.xz
 86b1d800eb01ccedff4f3682a08dc1beba697fb6887778b069f16ad556d9f4b7 6164 rsync_3.2.3-4+deb11u2_source.buildinfo
Files:
 c2242399e23dac649c47a50969789eb1 2422 net optional rsync_3.2.3-4+deb11u2.dsc
 209f8326f5137d8817a6276d9577a2f1 1069784 net optional rsync_3.2.3.orig.tar.gz
 64bb0b6f7331b8535f44e1383156a515 195 net optional rsync_3.2.3.orig.tar.gz.asc
 2bc9e735966bbbbf2cc1381accf65f84 37460 net optional rsync_3.2.3-4+deb11u2.debian.tar.xz
 298bdab142289530f68340dbd591a684 6164 net optional rsync_3.2.3-4+deb11u2_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKnBAEBCgCRFiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAmeGs9dfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcTHGRlYmlhbkBh
bHRlaG9sei5kZQAKCRCW/KwNOHtYR+E9EACAERNIrWEMbxtbp3o2caLPKnj/XRaG
oyHbmrUrUZDL73/ejh5oQwN+Dy/rjeDJ6KR/NJycnNfO0WHAiTglXTCY7rr+bTO3
nyfn8TJ5uLRfzzR1PVT8gwgEghfl9qfI3+InK5V2gQDYLpluQnLKsZBHKTRHBX1t
lcvbBDuVDY2JX40WUYOei9lRrwhf1fWHELSmA50za3ddQjPPfU7VsvHf5HN59fyG
qUJYbq8mV4uVdJK6yMCySlsBI4qHwILqePu44kI28DLPv0RGLeHxnYeWUyAvxiPF
KJ1bnBP8qqbQds7rWZ4t+Z3W+Nv3/sJMx2NLT6C2+bmc/oOL/5f/V8dHM5j9ql0O
kykq4NWRW7ITu4bRBL6kf6EQjLbN/xz2K8WOz6kh/uc497ciMETHr/JzImIpERCK
M1HCBoFycbFlXXZE+SdYHN7m+ySFv5XP0fpaoM5xJy8hNTX1IkCDJw9TaZwtRhP4
41zWg8EJykghtYPtqVcU9iTVWi9v4DYcsQAIJysuHuJXmRVED59yhd5PaCISnI7k
Or/utkS4jwPHWG78dVybAv5sJ3DyVDS/nDU4GLboTCVkMte9pgmSHNTeXkNaKOtn
I1bM7geBpx4Kh6lercA6xpIcA9WzPPWk3amkl/V2ZpfGqxgK2aSmxIWl872Nr6WQ
Iqn5lq3mjO2Nng==
=62Lm
-----END PGP SIGNATURE-----
News for package rsync
