-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Dec 2017 14:08:49 +0100 Source: rsync Binary: rsync Architecture: source Version: 3.1.1-3+deb8u1 Distribution: jessie-security Urgency: high Maintainer: Paul Slootman <paul@debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 880954 883665 883667 Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.1.1-3+deb8u1) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Enforce trailing \0 when receiving xattr name values (CVE-2017-16548) (Closes: #880954) * Check fname in recv_files sooner (CVE-2017-17433) (Closes: #883667) * Sanitize xname in read_ndx_and_attrs (CVE-2017-17434) (Closes: #883665) * Check daemon filter against fnamecmp in recv_files() (CVE-2017-17434) (Closes: #883665) Checksums-Sha1: 36aef3abc85ce55f994380f83c51a6e54b01872d 1873 rsync_3.1.1-3+deb8u1.dsc c84faba04f721d393feccfa0476bfeed9b5b5250 890124 rsync_3.1.1.orig.tar.gz 076c9642d082013269046ec8c70a79c3f36125b1 23456 rsync_3.1.1-3+deb8u1.debian.tar.xz Checksums-Sha256: c7a26e1e02df66d25ced84be25058bb9f33427c11dec6bd0ede494236c582f51 1873 rsync_3.1.1-3+deb8u1.dsc 7de4364fcf5fe42f3bdb514417f1c40d10bbca896abe7e7f2c581c6ea08a2621 890124 rsync_3.1.1.orig.tar.gz 1d1d20db2ed8fca8c9c9a3a46b099b6ac75a354e8e380eed6e284824f072f935 23456 rsync_3.1.1-3+deb8u1.debian.tar.xz Files: 4fda47312f2460dc33eb599e1b8ba253 1873 net optional rsync_3.1.1-3+deb8u1.dsc 43bd6676f0b404326eee2d63be3cdcfe 890124 net optional rsync_3.1.1.orig.tar.gz 7472c784b2976ce997ee8d668c58f9f1 23456 net optional rsync_3.1.1-3+deb8u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlotNnRfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EaB4QAKH6lyCH5t435EG+uTwx+ATdgYXkA3dH pL93YbH8gXPsaXYWKdvWRvGDruMaifeVd7wLe6u4ExHDbZg1zgNBBetlwVZXfjan l6oBu2GM4XsmK4FJmkDDNahdeu1gOxew+nvZB4DKlXXVMKY74WbNt7vCqm8gmEcG r6FGIzOnpoE4vo6f5zB2K5OhVNSY+RMWA1BA1krW9PkPRgaqwMhus/4qeAi7xLhF Aw9zzaLirvS37RjytS9Zbj7QD4Gh9k3v7q45YNGgRmMc2j12q/T4YbL6owVIgMdO vkEZ8SaW4lIj2FD0CXkM0pfTnsqOrtZVE2SIoOZDaG9NeYFDXl8vYFfxKC4gutOQ x7FXAVnaOBY5JosVcBLH1qnLeI71ahoXJukjEdMeXcSezdCznWm7L97ttZZ3m3VN FjLAlAK0VTSA84sJ5Sxq2y4HuZA1pU8F5iB3KzMyPrKzmJzNfKlu8IplNfYyWz28 cAec80JE8y7e71FD/tJPT0pqVjx+Y1x0voB+S8x6pLVKY+BR6AiMDnKNm/g3b5EH ND+XOlxWEbMNGEIXrZ7hx5kouk6s3FMx6ZYDZR3oezkQjXRMuYvHFPaWvto1O3pi WbxVKHVD0/6YT2AG2ZPBD66atIj1y+GO3Pgj57Qt10KzNMvErJGNQJrKa5k3zhxC MvafHuikUCLP =kBYW -----END PGP SIGNATURE-----