rsync - security error

Alex Murray alex.murray at canonical.com
Mon Aug 29 00:24:19 UTC 2022 

On Fri, 2022-08-26 at 02:26:47 +0000, Thomas Ward wrote:

>
> Alex,
>
> I believe that OP is referring to the last set of CVEs listed here[1]
> announced on the 14th.  So forgive me while I poke the thread with
> additional information.  🙂  I think the original ask was about those.

No worries - thanks for the clarification 😀

>
> ------
>
> CVE-2022-37434 was announced on the 14th.  And is patched already in Ubuntu [2].
>
> CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include as a security update for any of the releases at the time of review (see the details in the link).
>
>
>
> ------
>
> Thomas
>
>
> [1]: https://rsync.samba.org/security.html
> [2]: https://ubuntu.com/security/CVE-2022-37434
> [3]: https://ubuntu.com/security/CVE-2022-29154
>
>
> ________________________________
> From: Ubuntu-devel-discuss <ubuntu-devel-discuss-bounces at lists.ubuntu.com> on behalf of Alex Murray <alex.murray at canonical.com>
> Sent: Thursday, August 25, 2022 9:52 PM
> To: mynekeys at mail.de <mynekeys at mail.de>; ubuntu-devel-discuss at lists.ubuntu.com <ubuntu-devel-discuss at lists.ubuntu.com>
> Subject: Re: rsync - security error
>
> Hi
>
> In Ubuntu we generally do not upload new versions of packages once a
> particular Ubuntu release is made. Instead when a security bug (CVE) is
> announced, if the version of the particular package in that Ubuntu
> release is affected, the security team will backport the patch which
> fixes the bug to the older version of the package.
>
> As such, there are currently no known CVEs which have not been patched
> for rsync in Ubuntu - you can see this by looking at:
>
> https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status=
>
> Thanks,
> Alex
>
> On Fri, 2022-08-19 at 21:05:42 +0200, mynekeys at mail.de wrote:
>
>>
>> Hello,
>>
>> please provide a new version. The current one contains a security bug.
>>
>> The current one is 3.2.5.
>> See: https://rsync.samba.org/
>>
>> Thank you
>>
>> --
>> Ubuntu-devel-discuss mailing list
>> Ubuntu-devel-discuss at lists.ubuntu.com
>> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
>
> --
> Ubuntu-devel-discuss mailing list
> Ubuntu-devel-discuss at lists.ubuntu.com
> Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss

More information about the Ubuntu-devel-discuss mailing list