Information on source package rsync

Available versions

ReleaseVersion
jessie (security)3.1.1-3+deb8u1
stretch (security)3.1.2-1+deb9u1
buster3.1.2-2.2
sid3.1.2-2.2

Open issues

BugjessiestretchbustersidDescription
TEMP-0786423-948688vulnerable (no DSA)fixedfixedfixedrsync collision attack
CVE-2018-5764vulnerable (no DSA)vulnerable (no DSA)fixedfixedThe parse_arguments function in options.c in rsyncd in rsync before ...

Resolved issues

BugDescription
CVE-2017-17434The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, ...
CVE-2017-17433The recv_files function in receiver.c in the daemon in rsync 3.1.2, and ...
CVE-2017-16548The receive_xattr function in xattrs.c in rsync 3.1.2 and ...
CVE-2017-15994rsync 3.1.3-development before 2017-10-24 mishandles archaic ...
CVE-2014-9512rsync 3.1.1 allows remote attackers to write to arbitrary files via a ...
CVE-2014-2855The check_secret function in authenticate.c in rsync 3.1.0 and earlier ...
CVE-2011-1097rsync 3.x before 3.0.8, when certain recursion, deletion, and ...
CVE-2008-1720Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute ...
CVE-2007-6200Unspecified vulnerability in rsync before 3.0.0pre6, when running a ...
CVE-2007-6199rsync before 3.0.0pre6, when running a writable rsync daemon that is ...
CVE-2007-4091Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ...
CVE-2006-2083Integer overflow in the receive_xattr function in the extended ...
CVE-2005-2096zlib 1.2 and later versions allows remote attackers to cause a denial ...
CVE-2004-2093Buffer overflow in the open_socket_out function in socket.c for rsync ...
CVE-2004-0792Directory traversal vulnerability in the sanitize_path function in ...
CVE-2004-0426rsync before 2.6.1 does not properly sanitize paths when running a ...
CVE-2003-0962Heap-based buffer overflow in rsync before 2.5.7, when running in ...

Security announcements

DSA / DLADescription
DLA-1247-1rsync - security update
DLA-1218-1rsync - security update
DSA-4068-1rsync - security update
DSA-4068-1rsync - security update
DSA-1545-1rsync
DSA-1360-1rsync - arbitrary code execution
DSA-538rsync - unauthorised directory traversal and file access
DSA-499rsync - directory traversal
DSA-404rsync - heap overflow

Search for package or bug name: Reporting problems