On Fri, Nov 30, 2007 at 02:18:28PM +0100, Paul Slootman wrote:
> On Fri 30 Nov 2007, Nico Golde wrote:
>
> > attached is an NMU proposal to fix this bug just in case you
> > have no time to fix this.
>
> Is this based on upstream's patch?
>
> > For this I needed to backport the patch cause it w
Hi,
the following CVE ids were assigned to these
vulnerabilities:
CVE-2007-6200[0]:
| Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable
| rsync daemon, allows remote attackers to bypass exclude, exclude_from, and
| filter and read or write hidden files via (1) symlink, (
Hi Paul,
* Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 16:53]:
> On Fri 30 Nov 2007, Nico Golde wrote:
> > > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable
> > > version).
> >
> > http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff
> > if you mean this patch thi
Hi Paul,
pressed 'y' too fast so forgot the modified patch.
Here it is.
Cheers
Nico
--
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
diff -Nurad rsync-2.6.9/clientserver.c rsync-2.6.9.new/clientserver.
On Fri 30 Nov 2007, Nico Golde wrote:
> >
> > There is a patch available for 2.6.9 (2.6.9-2etch1 is the current stable
> > version).
>
> http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff
> if you mean this patch this at least does not apply to the
> unstable version thats why I ported
Hi Paul,
sorry for the fuckup in the paste of the vulnerability, just
saw it in the BTS that its unformatted.
* Paul Slootman <[EMAIL PROTECTED]> [2007-11-30 14:42]:
> On Fri 30 Nov 2007, Nico Golde wrote:
>
> > attached is an NMU proposal to fix this bug just in case you
> > have no time to fi
On Fri 30 Nov 2007, Nico Golde wrote:
> attached is an NMU proposal to fix this bug just in case you
> have no time to fix this.
Is this based on upstream's patch?
> For this I needed to backport the patch cause it won't apply
> with the version in Debian.
There is a patch available for 2.6.9
Hi,
attached is an NMU proposal to fix this bug just in case you
have no time to fix this.
For this I needed to backport the patch cause it won't apply
with the version in Debian.
It will be also archived on:
http://people.debian.org/~nion/nmu-diff/rsync-2.6.4-6_2.6.4-6.1.patch
Kind regards
Ni
8 matches
Mail list logo