Re: Serious rsync security issues

In reply to: Vincent Miller : "Re: Serious rsync security issues"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: paul beard <paulbeard_at_gmail.com>
Date: Fri, 17 Jan 2025 15:06:11 UTC

I just ran pkg update and rsync 3.4.0 was updated as part of that.

On Fri, Jan 17, 2025 at 6:55 AM Vincent Miller <vrwmiller@gmail.com> wrote:

>
>
> On Fri, Jan 17, 2025 at 6:49 AM Liam Proven <liam.proven@sitpub.com>
> wrote:
>
>> On Thu, 16 Jan 2025 at 23:16, Vincent Miller <vrwmiller@gmail.com> wrote:
>> >
>> > The port is at 3.4.1. If I'm not mistaken the vulnerabilities are in
>> 3.4.0.
>>
>> You _are_ mistaken. 3.4.0 was the version that fixed the issues.
>>
>
> I stand corrected. Appreciate the clarity.
>
>
> The most serious issue, CVSS 9.8, affects all versions since 3.2.7.
>> The other 5 affect all known versions.
>>
>
> Up to version 3.4.0?
>
> --
> Take care
> Vincent Miller
>


-- 
Paul Beard / www.paulbeard.org/