Date: Wed, 23 Jan 2002 19:05:16 -0500 (EST)
From: Robert Watson
To: "David E. O'Brien"
Cc: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org
Subject: Re: cvs commit: ports/net/rsync Makefile ports/net/rsync/files patch-251-secfix

This might need a ports security advisory, especially since the ports
freeze for RELENG_4_5 has already happened.

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Wed, 23 Jan 2002, David E. O'Brien wrote:

> obrien      2002/01/23 15:32:21 PST
>
>   Modified files:
>     net/rsync            Makefile
>   Added files:
>     net/rsync/files      patch-251-secfix
>   Log:
>   Fix a signedness security vulnerability discovered by Todd@openbsd.org where
>   rsync was not sufficiently careful about reading integers from the network.
>   This is fixed in the rsync CVS repo by a patch from Sebastian Krahmer.
>
>   Submitted by:   naddy
>   Approved by:    steve
>   Obtained from:  rsync CVS repo
>
>   Revision  Changes    Path
>   1.61      +1 -0      ports/net/rsync/Makefile
>   1.1       +315 -0    ports/net/rsync/files/patch-251-secfix (new)