zlib issues
Christoph.Gentsch at dlr.de
Christoph.Gentsch at dlr.de
Wed Mar 13 12:46:08 UTC 2019
Hi,
I just had a look at the rysnc code (master branch) and realized, that
there is a copy of the zlib included. So I checked if the CVEs from 2016
are patched in this, and NOPE! they arent!
This means rsync still has those vulnerabilities of zlib in the current
release:
https://security-tracker.debian.org/tracker/CVE-2016-9840
https://security-tracker.debian.org/tracker/CVE-2016-9841
https://security-tracker.debian.org/tracker/CVE-2016-9842
https://security-tracker.debian.org/tracker/CVE-2016-9843
I already informed the debian security team about this and they
suggested me to inform you, so here it is :)
Best regards,
Christoph Gentsch
More information about the rsync
mailing list