CVSROOT: /cvs
Module name: ports
Changes by: [email protected] 2020/01/27 13:27:11
Modified files:
net/rsync : Makefile
Added files:
net/rsync/patches: patch-zlib_crc32_c patch-zlib_inffast_c
patch-zlib_inflate_c patch-zlib_inftrees_c
Log message:
fix a few nasty bugs in rsync, made aware of it by Moritz Buhl
Those are registered as CVE-2016-9843, CVE-2016-9842, CVE-2016-9841,
CVE-2016-9840, but judging from the code, it's not even clear how to build
an exploit from this (mostly underspecified C behavior, plus it's deep
within zlib's streams).
So, don't get too alarmed about this.
Okay sthen@, naddy@
