OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
  Server: cvs.openpkg.org                  Name:   Thomas Lotterer
  Root:   /e/openpkg/cvs                   Email:  [EMAIL PROTECTED]
  Module: openpkg-web                      Date:   21-May-2004 18:20:21
  Branch: HEAD                             Handle: 2004052117202000
Modified files:
openpkg-web/security OpenPKG-SA-2004.025-rsync.txt
Log:
release OpenPKG Security Advisory 2004.025 (rsync)
Summary:
  Revision    Changes     Path
  1.2         +13 -3      openpkg-web/security/OpenPKG-SA-2004.025-rsync.txt
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-web/security/OpenPKG-SA-2004.025-rsync.txt
============================================================================
$ cvs diff -u -r1.1 -r1.2 OpenPKG-SA-2004.025-rsync.txt
--- openpkg-web/security/OpenPKG-SA-2004.025-rsync.txt 21 May 2004 16:06:27
-0000 1.1
+++ openpkg-web/security/OpenPKG-SA-2004.025-rsync.txt 21 May 2004 16:20:20
-0000 1.2
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA1
+
________________________________________________________________________
OpenPKG Security Advisory The OpenPKG Project
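Review bot: The added "Hash: SHA1" header pins the clearsigned advisory to a SHA-1 digest. If the signing key and the readers' OpenPGP tools allow it, sign with a SHA-2 digest so that the integrity check the advisory points to at its end does not rest on SHA-1. The blank line after the header is required by the clearsign format and is correctly present.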
@@ -18,11 +21,11 @@
Dependent Packages: none
Description:
- According to a rsync [0] security advisory [1] versions before
+ According to a Rsync [0] security advisory [1], versions before
2.6.1 do not properly sanitize paths when running as a read/write
- daemon without using chroot. This allows remote attackers to write
+ daemon without using chroot(2). This allows remote attackers to write
files outside of the module's path. The OpenPKG default is to run
- a read-only daemon using chroot. The Common Vulnerabilities and
+ a read-only daemon using chroot(2). The Common Vulnerabilities and
Exposures (CVE) project assigned the id CAN-2004-0426 [2] to the
problem.
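Review bot: "a Rsync" in the first changed line capitalizes a tool whose name is written "rsync", and the rest of the commit (log message, file name) uses the lower-case form; keep "rsync" here. The chroot(2) man-page notation is an improvement, but an administrator checking exposure looks at the daemon configuration rather than the system call, so consider also naming the rsyncd.conf settings "use chroot" and "read only" next to the statement about the OpenPKG default.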
@@ -71,3 +74,10 @@
for details on how to verify the integrity of this advisory.
________________________________________________________________________
+-----BEGIN PGP SIGNATURE-----
+Comment: OpenPKG <[EMAIL PROTECTED]>
+
+iD8DBQFArivtgHWT4GPEy58RAnEFAJ44zlK748Yrc6UT/1a1iIESRxJJ+wCePQFs
+NmRw90v1Pry2EhTfrDO2D+U=
+=zbta
+-----END PGP SIGNATURE-----
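Review bot: The signature block is committed in the same revision as the wording edits to the Description, so it has to have been generated over the final 1.2 text; any later edit to the signed body, including whitespace, invalidates it and needs a fresh signature. Verify the committed file against the project key before publishing. The "Comment:" armor line is not covered by the signature, so the address in it should not be presented as authenticated.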
@@ .
______________________________________________________________________
The OpenPKG Project www.openpkg.org
CVS Repository Commit List [EMAIL PROTECTED]