From nobody Fri Jan 17 14:54:23 2025
X-Original-To: freebsd-questions@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4YZN700Txqz5l4GL
	for <freebsd-questions@mlmmj.nyi.freebsd.org>; Fri, 17 Jan 2025 14:54:36 +0000 (UTC)
	(envelope-from vrwmiller@gmail.com)
Received: from mail-yb1-xb33.google.com (mail-yb1-xb33.google.com [IPv6:2607:f8b0:4864:20::b33])
	(using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (2048 bits) client-digest SHA256)
	(Client CN "smtp.gmail.com", Issuer "WR4" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4YZN6z5k2Qz3tw8
	for <freebsd-questions@freebsd.org>; Fri, 17 Jan 2025 14:54:35 +0000 (UTC)
	(envelope-from vrwmiller@gmail.com)
Authentication-Results: mx1.freebsd.org;
	none
Received: by mail-yb1-xb33.google.com with SMTP id 3f1490d57ef6-e573136107bso3786185276.3
        for <freebsd-questions@freebsd.org>; Fri, 17 Jan 2025 06:54:35 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1737125675; x=1737730475; darn=freebsd.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=CAScehW6iwqVtqhtIqWSXRzWdSLYjBZG23M0El0jt0E=;
        b=cJFyxjTZWndyrHCIf7enbzv4HtZfrSvmKd5tz9Ky6fUNbZAYG5DrNxBmzgi9kmrwKq
         b1cnOe4JYcju6L7SKPjHM4kU2zHe06TeCYXSbKdo0Ja+56gQQgLsDOv0PFZyXOaGXwvb
         +x9vm3P14rmXdrERF99v4AJ3W5ea6CMmP1xlBpmaGGAZdca//B5qsEdcYRka6sAYZ5X9
         m6wF08H8v9mCpBdiSg71p3b3cVUZ14PcR1LqNXM0g0cGKewvdLusX2HWagvoN3PUKyGs
         JaH81ffOaLTBLIOqriU8oXSg1I25w7fBNlMD5wUS+ntOng/gNcXOaGdplzujKZ6AV4tj
         R9mA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1737125675; x=1737730475;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=CAScehW6iwqVtqhtIqWSXRzWdSLYjBZG23M0El0jt0E=;
        b=feigMiDLrniVD5wrdCJNFmQawPUTAuohaZtfMtRT48E8pG93y5bnFhC5G0Jg8HwzBc
         7/7sYYpwmPk6DzSzwep7We1aphJ0sSvvq9BOquetIKsGlz0hOCasTHDzeaqKySf/Pxzn
         8D+OjPc0JbB5hIYzqr9gn3KfFagNWmG2iZoY2Ufu4hwxh7vc6eYbXEP13z9x832+GV8Z
         IRtw6/OZ2j/CZj8Q/1SdN6wRcr2nzGaVfNwUUxKiaS+/fQVSRaKs9XsqtcG1Y8KfIJQ/
         MydV/l1yZBp54QLS65wrdWcjnSo5bmDu3ayqax3b1NjEk9ua2U0I557DxqM3jqyjUEc1
         iK4A==
X-Gm-Message-State: AOJu0YxxGnTlKwYAbUJu9FbWFC6SDNcst7I5J3Cq/Rbhxq9h2hlxsn+e
	yM1q87zMXft97KQxTE7Gkju6vb1rcxCygm+ODpenDUss9872rPGFCsi+oYeU1JloOUUOBJoRth7
	GSuywDqTEF4uDKtCIwmcDSM1OXXhLd1/X
X-Gm-Gg: ASbGncsBADcPD/4aHnMQLZsGxUkiWjYjwbZ6NtTCKZDrwOoZGKyHhbVP4TA7dKdPLId
	NMZLM+98gbb3nzbPPxhc/iqDKakCFK2iHDF4LA5w=
X-Google-Smtp-Source: AGHT+IF5JLsRgARk+bcUwyk/wZbNTw1Iyo5qFz8EnRHMQURfDluIx1UJ51gntopggQ+YppwdB51kDFyZghX3Y+7+I4k=
X-Received: by 2002:a05:6902:18c3:b0:e4a:9ef8:8059 with SMTP id
 3f1490d57ef6-e57b10727famr1823452276.29.1737125674777; Fri, 17 Jan 2025
 06:54:34 -0800 (PST)
List-Id: User questions <freebsd-questions.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
List-Help: <mailto:questions+help@freebsd.org>
List-Post: <mailto:questions@freebsd.org>
List-Subscribe: <mailto:questions+subscribe@freebsd.org>
List-Unsubscribe: <mailto:questions+unsubscribe@freebsd.org>
X-BeenThere: freebsd-questions@freebsd.org
Sender: owner-freebsd-questions@FreeBSD.org
MIME-Version: 1.0
References: <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com>
 <CAHzLAVFZzDKSnMDdzoLPOzY2q-8uNHPWutmvU97zXYS2vc9Zrw@mail.gmail.com> <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme+6dLN7RWTCsZMj7uw@mail.gmail.com>
In-Reply-To: <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme+6dLN7RWTCsZMj7uw@mail.gmail.com>
From: Vincent Miller <vrwmiller@gmail.com>
Date: Fri, 17 Jan 2025 09:54:23 -0500
X-Gm-Features: AbW1kval9QJQlPZHBfgEsp_ogG4gzFA4-93sNajvPvnbUWEX7GjH0rYK1HmpN0I
Message-ID: <CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg@mail.gmail.com>
Subject: Re: Serious rsync security issues
To: Liam Proven <liam.proven@sitpub.com>
Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Content-Type: multipart/alternative; boundary="000000000000c68924062be8168d"
X-Rspamd-Queue-Id: 4YZN6z5k2Qz3tw8
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]

--000000000000c68924062be8168d
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Fri, Jan 17, 2025 at 6:49=E2=80=AFAM Liam Proven <liam.proven@sitpub.com=
> wrote:

> On Thu, 16 Jan 2025 at 23:16, Vincent Miller <vrwmiller@gmail.com> wrote:
> >
> > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are in
> 3.4.0.
>
> You _are_ mistaken. 3.4.0 was the version that fixed the issues.
>

I stand corrected. Appreciate the clarity.


The most serious issue, CVSS 9.8, affects all versions since 3.2.7.
> The other 5 affect all known versions.
>

Up to version 3.4.0?

--=20
Take care
Vincent Miller

--000000000000c68924062be8168d
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote g=
mail_quote_container"><div dir=3D"ltr" class=3D"gmail_attr">On Fri, Jan 17,=
 2025 at 6:49=E2=80=AFAM Liam Proven &lt;<a href=3D"mailto:liam.proven@sitp=
ub.com">liam.proven@sitpub.com</a>&gt; wrote:<br></div><blockquote class=3D=
"gmail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left-width:1px;borde=
r-left-style:solid;border-left-color:rgb(204,204,204);padding-left:1ex">On =
Thu, 16 Jan 2025 at 23:16, Vincent Miller &lt;<a href=3D"mailto:vrwmiller@g=
mail.com" target=3D"_blank">vrwmiller@gmail.com</a>&gt; wrote:<br>
&gt;<br>
&gt; The port is at 3.4.1. If I&#39;m not mistaken the vulnerabilities are =
in 3.4.0.<br>
<br>
You _are_ mistaken. 3.4.0 was the version that fixed the issues.<br></block=
quote><div><br></div><div>I stand corrected. Appreciate the clarity.<br></d=
iv><div><br></div><div><br></div><blockquote class=3D"gmail_quote" style=3D=
"margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;bor=
der-left-color:rgb(204,204,204);padding-left:1ex">The most serious issue, C=
VSS 9.8, affects all versions since 3.2.7.<br>
The other 5 affect all known versions.<br></blockquote><div><br></div><div>=
Up to version 3.4.0?</div><div><br></div></div><span class=3D"gmail_signatu=
re_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><div di=
r=3D"ltr">Take care<br>Vincent Miller</div></div></div>

--000000000000c68924062be8168d--