TEMP-0786423-948688

NameTEMP-0786423-948688
Descriptionrsync collision attack
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs786423

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rsync (PTS)wheezy3.0.9-4vulnerable
wheezy (security)3.0.9-4+deb7u1vulnerable
jessie3.1.1-3vulnerable
jessie (security)3.1.1-3+deb8u1vulnerable
stretch3.1.2-1fixed
stretch (security)3.1.2-1+deb9u1fixed
buster, sid3.1.2-2.1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rsyncsource(unstable)3.1.2-1low786423

Notes

[jessie] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[wheezy] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[squeeze] - rsync <no-dsa> (Minor issue, too instrusive to backport)
CVE-2014-8242 was only specific assigned for librsync but rsync has equivalent issue
https://github.com/therealmik/rsync-collision
https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
https://lists.samba.org/archive/rsync/2015-May/030123.html

Search for package or bug name: Reporting problems