Date: 24 Jan 2002 02:14:39 +0200 From: Maxim Sobolev <sobomax@FreeBSD.org> To: Robert Watson <rwatson@FreeBSD.org> Cc: "David E. O'Brien" <obrien@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org, security-officer@FreeBSD.org Subject: Re: cvs commit: ports/net/rsync Makefile ports/net/rsync/files patch-251-secfix Message-ID: <1011831273.264.49.camel@notebook> In-Reply-To: <Pine.NEB.3.96L.1020123190443.49432B-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1020123190443.49432B-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--=-6qhrSCgRLmiuoxYY7ta8 Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Thu, 2002-01-24 at 02:05, Robert Watson wrote: > This might need a ports security advisory, especially since the ports > freeze for RELENG_4_5 has already happened.=20 I think our package-meisters will apply the black magick necessary to include that fix into 4.5. Nevertheless, security advisory is a must because rsync is a very popular beast. -Maxim > Robert N M Watson FreeBSD Core Team, TrustedBSD Project > robert@fledge.watson.org NAI Labs, Safeport Network Services >=20 > On Wed, 23 Jan 2002, David E. O'Brien wrote: >=20 > > obrien 2002/01/23 15:32:21 PST > >=20 > > Modified files: > > net/rsync Makefile=20 > > Added files: > > net/rsync/files patch-251-secfix=20 > > Log: > > Fix a signedness security vunerability discovered by Todd@openbsd.org= where > > rsync was not sufficiently careful about reading integers from the ne= twork. > > This is fixed in the rsync CVS repo by a patch from Sebastian Krahmer > > <krahmer@suse.de>. > > =20 > > Submitted by: naddy > > Approved by: steve > > Obtained from: rsync CVS repo > > =20 > > Revision Changes Path > > 1.61 +1 -0 ports/net/rsync/Makefile > > 1.1 +315 -0 ports/net/rsync/files/patch-251-secfix (new) > >=20 >=20 >=20 --=-6qhrSCgRLmiuoxYY7ta8 Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (FreeBSD) Comment: For info see http://www.gnupg.org iD8DBQA8T1HooNu5t4iCBa8RAq+cAJ9t3vwtyxLawu0uwFeWBaDvnyeP7gCfTRrl jCGptE6AwhNWkEXO+2SfLXY= =OVRz -----END PGP SIGNATURE----- --=-6qhrSCgRLmiuoxYY7ta8-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1011831273.264.49.camel>