Hi Paul, sorry for the fuckup in the paste of the vulnerability, just saw it in the BTS that its unformatted.
* Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 14:42]: > On Fri 30 Nov 2007, Nico Golde wrote: > > > attached is an NMU proposal to fix this bug just in case you > > have no time to fix this. > > Is this based on upstream's patch? Yes. > > For this I needed to backport the patch cause it won't apply > > with the version in Debian. > > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable > version). http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff if you mean this patch this at least does not apply to the unstable version thats why I ported it. I have not checked if this does apply to the stable version. > 2.6.4 is "oldstable". I think first priority is the stable version... Yes. As I am only in the testing security team and thus handling testing and unstable issues please contact [EMAIL PROTECTED] to check if this is worth a DSA. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgp0wLyJlYj5L.pgp
Description: PGP signature