On 2025/01/14 13:45, Stuart Henderson wrote: > CVSROOT: /cvs > Module name: ports > Changes by: [email protected] 2025/01/14 13:45:03 > > Modified files: > net/rsync : Makefile distinfo > net/rsync/patches: patch-rsyncd_conf_5 > Added files: > net/rsync/files: rrsync.1 > > Log message: > update to rsync-3.4.0
ok tb > > https://www.openwall.com/lists/oss-security/2025/01/14/3 > > - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. > - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. > - CVE-2024-12086 - Server leaks arbitrary client files. > - CVE-2024-12087 - Server can make client write files outside of destination > directory using symbolic links. > - CVE-2024-12088 - --safe-links Bypass. > - CVE-2024-12747 - symlink race condition. >
