Re: Serious rsync security issues

In reply to: Vincent Miller : "Re: Serious rsync security issues"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Liam Proven <liam.proven_at_sitpub.com>
Date: Tue, 21 Jan 2025 14:36:56 UTC

On Fri, 17 Jan 2025 at 14:54, Vincent Miller <vrwmiller@gmail.com> wrote:
>>
>> You _are_ mistaken. 3.4.0 was the version that fixed the issues.
>
> I stand corrected. Appreciate the clarity.

:-)

>> The most serious issue, CVSS 9.8, affects all versions since 3.2.7.
>> The other 5 affect all known versions.
>
> Up to version 3.4.0?

Up to but not including.

If it helps, I happen to know versions because I wrote a story on it:

https://www.theregister.com/2025/01/17/rsync_vulnerabilities/

-- 
Liam Proven ~ lproven@sitpub.com
Open Source Reporter, the Register ~ https://www.theregister.com/
Isle of Man tel: +44 7624 227612 ~ UK tel: +44 7939 087884 (*not* 24x7)
Czech tel: +420 702 829 053 (also WhatsApp/Telegram/Signal)