tags 304366 pending thanks On Tue, Apr 12, 2005 at 07:37:29PM +0200, Moritz Muehlenhoff wrote: > Quoting a recent rsnapshot security advisory fully available at > http://www.rsnapshot.org/security/2005/001.html: > 1.2.1 fixes this issue.
The upstream author has informed me in advance of that security issue, and the 1.2.1-1 deb is already in the process of uploading. It currently awaits the OK of my sponsor. Meanwhile you can use the deb which is offered on http://rsnapshot.org/downloads which is the one to be uploaded. It might be worth mentioning that debian is not affected by this security issue, at least in the default configuration. The problem is in a part of the code which is a workaround for a missing GNU cp. As debians cp _is_ GNU cp the following line in rsnapshot.conf is uncommented by default: cmd_cp /bin/cp There is no reason to comment that line on a debian installation, so only few debian users might be affected. Christoph
pgpYUv7KXBCqP.pgp
Description: PGP signature
