Date: Thu, 4 Dec 2003 15:12:38 +0100 (CET)
From: Simon Barner <barner@in.tum.de>
To: FreeBSD-gnats-submit@FreeBSD.org
Cc: eik@FreeBSD.org
Subject: ports/59952: [security update] [non-maintainer] rsync -> 2.5.7
Message-ID: <200312041412.hB4ECcmi008571@zi025.glhnet.mhn.de>
Resent-Message-ID: <200312041420.hB4EKC6n047453@freefall.freebsd.org>
>Number: 59952 >Category: ports >Synopsis: [security update] [non-maintainer] rsync -> 2.5.7 >Confidential: no >Severity: critical >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: update >Submitter-Id: current-users >Arrival-Date: Thu Dec 04 06:20:12 PST 2003 >Closed-Date: >Last-Modified: >Originator: Simon Barner >Release: FreeBSD 4.9-PRERELEASE i386 >Organization: >Environment: System: FreeBSD zi025.glhnet.mhn.de 4.9-PRERELEASE FreeBSD 4.9-PRERELEASE #1: Thu Sep 4 20:49:53 CEST 2003 simon@zi025.glhnet.mhn.de:/usr/src/sys/compile/KISTE i386 >Description: According to http://rsync.samba.org/, there is a remotely exploitable heap overflow in the rsync daemon. (This bug and a recent local Linux exploit were used to compromise one of the Gentoo project's rsync servers!) >How-To-Repeat: N/A >Fix: Index: rsync/Makefile =================================================================== RCS file: /home/ncvs/ports/net/rsync/Makefile,v retrieving revision 1.86 diff -u -r1.86 Makefile --- rsync/Makefile 16 Nov 2003 23:08:12 -0000 1.86 +++ rsync/Makefile 4 Dec 2003 14:05:35 -0000 @@ -7,8 +7,7 @@ # PORTNAME= rsync -PORTVERSION= 2.5.6 -PORTREVISION= 2 +PORTVERSION= 2.5.7 CATEGORIES= net ipv6 MASTER_SITES= ftp://samba.anu.edu.au/pub/rsync/ \ ftp://sunsite.auc.dk/pub/unix/rsync/ \ Index: rsync/distinfo =================================================================== RCS file: /home/ncvs/ports/net/rsync/distinfo,v retrieving revision 1.33 diff -u -r1.33 distinfo --- rsync/distinfo 28 Jan 2003 16:50:01 -0000 1.33 +++ rsync/distinfo 4 Dec 2003 14:05:35 -0000 @@ -1 +1 @@ -MD5 (rsync-2.5.6.tar.gz) = ec39fcea433df4d6a3a4e0896c655535 +MD5 (rsync-2.5.7.tar.gz) = 9b3ec929091d7849f42b973247918a55 >Release-Note: >Audit-Trail: >Unformatted:
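Review bot: In the rsync/Makefile hunk, the context lines show MASTER_SITES pointing at ftp://samba.anu.edu.au/pub/rsync/ and ftp://sunsite.auc.dk/pub/unix/rsync/, and the submission does not say whether rsync-2.5.7.tar.gz is already present on each of them. For a release this fresh, please confirm that a fetch succeeds from every listed mirror before commit, since a failed fetch leaves users on the vulnerable 2.5.6. Dropping `PORTREVISION= 2` together with the `PORTVERSION` bump is correct and needs no change.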
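Review bot: In the rsync/distinfo hunk, the new `MD5 (rsync-2.5.7.tar.gz)` line is the only integrity check on a tarball that, per the Makefile's MASTER_SITES, is fetched over plain ftp://, and the PR does not state where the hash was taken from. Since this update is a response to a server compromise, please check the value against a checksum or signature obtained from rsync.samba.org independently of the mirror the tarball was downloaded from, and note in the PR how it was verified.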