zlib issues

Christoph.Gentsch at dlr.de
Wed Mar 13 12:46:08 UTC 2019


Hi,

I just had a look at the rsync code (master branch) and realized that
there is a copy of the zlib included. So I checked if the CVEs from 2016
are patched in this, and NOPE! they aren't!

This means rsync still has those vulnerabilities of zlib in the current
release:

https://security-tracker.debian.org/tracker/CVE-2016-9840

https://security-tracker.debian.org/tracker/CVE-2016-9841

https://security-tracker.debian.org/tracker/CVE-2016-9842

https://security-tracker.debian.org/tracker/CVE-2016-9843


I already informed the Debian security team about this and they
suggested that I inform you, so here it is :)

Best regards,

Christoph Gentsch
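
Added example (not part of the original message, and not rsync's or zlib's own code): a sketch of how a maintainer could inventory bundled zlib copies in a source tree and flag the ones that predate the fixes for the four CVEs listed above. It assumes zlib 1.2.9 is the first upstream release carrying those fixes; the directory names and sample headers in `demo()` are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption (not stated in the post): zlib 1.2.9 is the first upstream
# release carrying the fixes for CVE-2016-9840 through CVE-2016-9843.
FIRST_FIXED = (1, 2, 9)
VERSION_RE = re.compile(r'^\s*#\s*define\s+ZLIB_VERSION\s+"([^"]+)"', re.M)


def parse_version(text):
    """Turn '1.2.8' or '1.2.11.1-motley' into a comparable tuple of ints."""
    parts = []
    for piece in text.split("."):
        digits = re.match(r"\d+", piece)
        if not digits:
            break
        parts.append(int(digits.group()))
    return tuple(parts)


def find_vendored_zlib(root):
    """Return (relative path, version string, needs_review) per bundled zlib.h."""
    findings = []
    for header in sorted(Path(root).rglob("zlib.h")):
        match = VERSION_RE.search(header.read_text(errors="replace"))
        if match is None:
            continue  # a file named zlib.h that is not zlib's public header
        version = match.group(1)
        needs_review = parse_version(version) < FIRST_FIXED
        findings.append((header.relative_to(root).as_posix(), version, needs_review))
    return findings


def demo():
    """Build a constructed source tree with two bundled copies and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for subdir, version in (("zlib", "1.2.8"), ("third_party/zlib", "1.2.11")):
            (root / subdir).mkdir(parents=True)
            (root / subdir / "zlib.h").write_text(
                f'/* constructed sample */\n#define ZLIB_VERSION "{version}"\n')
        return find_vendored_zlib(root)


if __name__ == "__main__":
    for path, version, needs_review in demo():
        print(path, version, "REVIEW: predates 1.2.9" if needs_review else "ok")
```

The version string is only a first filter: a bundled copy can carry backported patches without changing `ZLIB_VERSION`, so a flagged copy still needs to be compared against the upstream fixes at source level.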



