Date: Fri, 17 Jan 2025 09:54:23 -0500 From: Vincent Miller <vrwmiller@gmail.com> To: Liam Proven <liam.proven@sitpub.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Serious rsync security issues Message-ID: <CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg@mail.gmail.com> In-Reply-To: <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme%2B6dLN7RWTCsZMj7uw@mail.gmail.com> References: <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com> <CAHzLAVFZzDKSnMDdzoLPOzY2q-8uNHPWutmvU97zXYS2vc9Zrw@mail.gmail.com> <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme%2B6dLN7RWTCsZMj7uw@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--000000000000c68924062be8168d Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Fri, Jan 17, 2025 at 6:49=E2=80=AFAM Liam Proven <liam.proven@sitpub.com= > wrote: > On Thu, 16 Jan 2025 at 23:16, Vincent Miller <vrwmiller@gmail.com> wrote: > > > > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are in > 3.4.0. > > You _are_ mistaken. 3.4.0 was the version that fixed the issues. > I stand corrected. Appreciate the clarity. The most serious issue, CVSS 9.8, affects all versions since 3.2.7. > The other 5 affect all known versions. > Up to version 3.4.0? --=20 Take care Vincent Miller --000000000000c68924062be8168d Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote g= mail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jan 17,= 2025 at 6:49=E2=80=AFAM Liam Proven <<a href=3D"mailto:liam.proven@sitp= ub.com">liam.proven@sitpub.com</a>> wrote:<br></div><blockquote class=3D= "gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;borde= r-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">On = Thu, 16 Jan 2025 at 23:16, Vincent Miller <<a href=3D"mailto:vrwmiller@g= mail.com" target=3D"_blank">vrwmiller@gmail.com</a>> wrote:<br> ><br> > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are = in 3.4.0.<br> <br> You _are_ mistaken. 3.4.0 was the version that fixed the issues.<br></block= quote><div><br></div><div>I stand corrected. Appreciate the clarity.<br></d= iv><div><br></div><div><br></div><blockquote class=3D"gmail_quote" style=3D= "margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;bor= der-left-color:rgb(204,204,204);padding-left:1ex">The most serious issue, C= VSS 9.8, affects all versions since 3.2.7.<br> The other 5 affect all known versions.<br></blockquote><div><br></div><div>= Up to version 3.4.0?</div><div><br></div></div><span class=3D"gmail_signatu= re_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><div di= r=3D"ltr">Take care<br>Vincent Miller</div></div></div> --000000000000c68924062be8168d--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg>