security bugs (?)
Lapo Luchini
lapo at lapo.it
Sat Sep 29 08:34:09 GMT 2007
As a Cygwin rsync package maintainer, the following security fixes have
been brought to my attention:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch
And while they seem "trusted" enough to me (present in many packages
such as Gentoo, FreeBSD and other; in bug lists such as Secunia...), I
am no rsync deep code knower, and I still wonder why there's no mention
in this mailing list or the homepage? Do the actual authors of rsync
think that those bugs has never been exploitable? If that's so, please
confirm it, thanks =)
Lapo
More information about the rsync
mailing list