rsync - security error

Thomas Ward teward at thomas-ward.net
Fri Aug 26 02:26:47 UTC 2022 

Alex,

I believe that OP is referring to the last set of CVEs listed here[1] announced on the 14th.  So forgive me while I poke the thread with additional information.  🙂  I think the original ask was about those.

------

CVE-2022-37434 was announced on the 14th.  And is patched already in Ubuntu [2].

CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include as a security update for any of the releases at the time of review (see the details in the link).



------

Thomas


[1]: https://rsync.samba.org/security.html
[2]: https://ubuntu.com/security/CVE-2022-37434
[3]: https://ubuntu.com/security/CVE-2022-29154


________________________________
From: Ubuntu-devel-discuss <ubuntu-devel-discuss-bounces at lists.ubuntu.com> on behalf of Alex Murray <alex.murray at canonical.com>
Sent: Thursday, August 25, 2022 9:52 PM
To: mynekeys at mail.de <mynekeys at mail.de>; ubuntu-devel-discuss at lists.ubuntu.com <ubuntu-devel-discuss at lists.ubuntu.com>
Subject: Re: rsync - security error

Hi

In Ubuntu we generally do not upload new versions of packages once a
particular Ubuntu release is made. Instead when a security bug (CVE) is
announced, if the version of the particular package in that Ubuntu
release is affected, the security team will backport the patch which
fixes the bug to the older version of the package.

As such, there are currently no known CVEs which have not been patched
for rsync in Ubuntu - you can see this by looking at:

https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status=

Thanks,
Alex

On Fri, 2022-08-19 at 21:05:42 +0200, mynekeys at mail.de wrote:

>
> Hello,
>
> please provide a new version. The current one contains a security bug.
>
> The current one is 3.2.5.
> See: https://rsync.samba.org/
>
> Thank you
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

--
Ubuntu-devel-discuss mailing list
Ubuntu-devel-discuss at lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20220826/0d7e5342/attachment-0001.html>

More information about the Ubuntu-devel-discuss mailing list