Date: Fri, 17 Jan 2025 07:06:11 -0800 From: paul beard <paulbeard@gmail.com> Cc: "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org> Subject: Re: Serious rsync security issues Message-ID: <CAMtcK2oWgXsCE3PxNPqHTX%2BjbqC=MV05R=ByOw79BM3SnPkZ2Q@mail.gmail.com> In-Reply-To: <CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg@mail.gmail.com> References: <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com> <CAHzLAVFZzDKSnMDdzoLPOzY2q-8uNHPWutmvU97zXYS2vc9Zrw@mail.gmail.com> <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme%2B6dLN7RWTCsZMj7uw@mail.gmail.com> <CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--0000000000000e2950062be84100 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable I just ran pkg update and rsync 3.4.0 was updated as part of that. On Fri, Jan 17, 2025 at 6:55=E2=80=AFAM Vincent Miller <vrwmiller@gmail.com= > wrote: > > > On Fri, Jan 17, 2025 at 6:49=E2=80=AFAM Liam Proven <liam.proven@sitpub.c= om> > wrote: > >> On Thu, 16 Jan 2025 at 23:16, Vincent Miller <vrwmiller@gmail.com> wrote= : >> > >> > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are in >> 3.4.0. >> >> You _are_ mistaken. 3.4.0 was the version that fixed the issues. >> > > I stand corrected. Appreciate the clarity. > > > The most serious issue, CVSS 9.8, affects all versions since 3.2.7. >> The other 5 affect all known versions. >> > > Up to version 3.4.0? > > -- > Take care > Vincent Miller > --=20 Paul Beard / www.paulbeard.org/ --0000000000000e2950062be84100 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <div dir=3D"ltr">I just ran pkg update and rsync 3.4.0 was updated as part = of that.=C2=A0</div><br><div class=3D"gmail_quote gmail_quote_container"><d= iv dir=3D"ltr" class=3D"gmail_attr">On Fri, Jan 17, 2025 at 6:55=E2=80=AFAM= Vincent Miller <<a href=3D"mailto:vrwmiller@gmail.com">vrwmiller@gmail.= com</a>> wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"marg= in:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-l= eft-color:rgb(204,204,204);padding-left:1ex"><div dir=3D"ltr"><div dir=3D"l= tr"><br></div><br><div class=3D"gmail_quote"><div dir=3D"ltr" class=3D"gmai= l_attr">On Fri, Jan 17, 2025 at 6:49=E2=80=AFAM Liam Proven <<a href=3D"= mailto:liam.proven@sitpub.com" target=3D"_blank">liam.proven@sitpub.com</a>= > wrote:<br></div><blockquote class=3D"gmail_quote" style=3D"margin:0px = 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;border-left-col= or:rgb(204,204,204);padding-left:1ex">On Thu, 16 Jan 2025 at 23:16, Vincent= Miller <<a href=3D"mailto:vrwmiller@gmail.com" target=3D"_blank">vrwmil= ler@gmail.com</a>> wrote:<br> ><br> > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are = in 3.4.0.<br> <br> You _are_ mistaken. 3.4.0 was the version that fixed the issues.<br></block= quote><div><br></div><div>I stand corrected. Appreciate the clarity.<br></d= iv><div><br></div><div><br></div><blockquote class=3D"gmail_quote" style=3D= "margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-style:solid;bor= der-left-color:rgb(204,204,204);padding-left:1ex">The most serious issue, C= VSS 9.8, affects all versions since 3.2.7.<br> The other 5 affect all known versions.<br></blockquote><div><br></div><div>= Up to version 3.4.0?</div><div><br></div></div><span class=3D"gmail_signatu= re_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_signature"><div di= r=3D"ltr">Take care<br>Vincent Miller</div></div></div> </blockquote></div><div><br clear=3D"all"></div><div><br></div><span class= =3D"gmail_signature_prefix">-- </span><br><div dir=3D"ltr" class=3D"gmail_s= ignature">Paul Beard / <a href=3D"http://www.paulbeard.org/" target=3D"_bla= nk">www.paulbeard.org/</a><br></div> --0000000000000e2950062be84100--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAMtcK2oWgXsCE3PxNPqHTX%2BjbqC=MV05R=ByOw79BM3SnPkZ2Q>