Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 17 Jan 2025 16:18:53 +0100
From:      Ralf Mardorf <ralf-mardorf@riseup.net>
To:        questions@freebsd.org
Subject:   Re: Serious rsync security issues
Message-ID:  <bf88ec8be42020f09f2f1b7d7b432a6d21cc0469.camel@riseup.net>
In-Reply-To: <398c151770891c5b4d51e32a586dcd255303d47a.camel@riseup.net>
References:   <wZLuLkwazDCoRo0ZPIV8GRbRz_nELAq5DJlWTSWe3bXHAwG1tNABShCEL8zfFkAh9viyhGnNf1QvPnJcpWRuTbqMUE8tRD5XURUWrUaoTVs=@protonmail.com> <CAHzLAVFZzDKSnMDdzoLPOzY2q-8uNHPWutmvU97zXYS2vc9Zrw@mail.gmail.com> <CAJgUTdkMRvdH4JempSmpeeq2eTOnKWvme%2B6dLN7RWTCsZMj7uw@mail.gmail.com> <CAHzLAVGSu_PECgL4VCkM=GLHaz20c7hBkNkV8y-VBO-d5Vb3qg@mail.gmail.com> <398c151770891c5b4d51e32a586dcd255303d47a.camel@riseup.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Fri, 2025-01-17 at 16:13 +0100, Ralf Mardorf wrote:
> On Fri, 2025-01-17 at 09:54 -0500, Vincent Miller wrote:
> > Up to version 3.4.0?
>=20
> Regarding the Arch Linux Announce Mailing List < 3.4.0, but >=3D 3.4.0
> is not affected [1].
>=20
> [1]
> -------- Forwarded Message --------
> From: Arch Linux: Recent news updates: Robin Candau
> <arch-announce@lists.archlinux.org>
> To: arch-announce@lists.archlinux.org
> Subject: [arch-announce] Critical rsync security release 3.4.0
> Date: 01/16/2025 04:33:43 PM
>=20
> [snip]
>=20
> We highly advise anyone who runs an rsync daemon or client prior to
> version `3.4.0-1` to upgrade and reboot their systems immediately.
>=20
> [snip]

Disclaimer: Maybe Arch Linux does patch the version of the Arch package
3.4.0-1.

Seemingly there is no patch:
https://gitlab.archlinux.org/archlinux/packaging/packages/rsync/-/tree/3.4.=
0-1?ref_type=3Dtags
But there were some regressions
https://gitlab.archlinux.org/archlinux/packaging/packages/rsync/-/tree/3.4.=
0-2?ref_type=3Dtags
and there's a new release
https://gitlab.archlinux.org/archlinux/packaging/packages/rsync/-/tree/3.4.=
1-1?ref_type=3Dtags

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bf88ec8be42020f09f2f1b7d7b432a6d21cc0469.camel>