-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Format: 1.7 Date: Mon, 03 Dec 2007 17:00:37 +0100 Source: rsync Binary: rsync Architecture: source i386 Version: 2.6.9-5.1 Distribution: unstable Urgency: high Maintainer: Paul Slootman <paul@debian.org> Changed-By: Nico Golde <nion@debian.org> Description: rsync - fast remote file copy program (like rcp) Closes: 453652 Changes: rsync (2.6.9-5.1) unstable; urgency=high . * Non-maintainer upload by testing-security team. * This update addresses the following security issues (Closes: #453652): - When "use chroot" option is disabled, a programming error can be exploited by a user to trick rsync into creating a symlink that points outside the module's hierarchy. - A programming error within the "exclude", "exclude from" and "filter" options can be exploited via a symlink attack to gain access to hidden files if the filename is known. Files: 28b881c85ed620afe5c103426fc49841 560 net optional rsync_2.6.9-5.1.dsc 61ea40dae091ed44153bbaa5a7424145 43173 net optional rsync_2.6.9-5.1.diff.gz 0b663b41fea99d27fe2c06a53783e0c8 258652 net optional rsync_2.6.9-5.1_i386.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFHVwOQHYflSXNkfP8RAmhvAJ0ZH0nIwWCdM35g+A9j6ZWMlZLMNACdETh7 C5ig0ObWVRIMIMZhjm9pWFM= =cTQF -----END PGP SIGNATURE----- Accepted: rsync_2.6.9-5.1.diff.gz to pool/main/r/rsync/rsync_2.6.9-5.1.diff.gz rsync_2.6.9-5.1.dsc to pool/main/r/rsync/rsync_2.6.9-5.1.dsc rsync_2.6.9-5.1_i386.deb to pool/main/r/rsync/rsync_2.6.9-5.1_i386.deb
