TEMP-0786423-948688

NameTEMP-0786423-948688
Descriptionrsync collision attack
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs786423

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rsync (PTS)bullseye3.2.3-4+deb11u1fixed
bookworm3.2.7-1fixed
trixie3.3.0-1fixed
sid3.3.0+ds1-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rsyncsource(unstable)3.1.2-1low786423

Notes

[jessie] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[wheezy] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[squeeze] - rsync <no-dsa> (Minor issue, too instrusive to backport)
CVE-2014-8242 was only specific assigned for librsync but rsync has equivalent issue
https://github.com/therealmik/rsync-collision
https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
https://lists.samba.org/archive/rsync/2015-May/030123.html

Search for package or bug name: Reporting problems