<html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style> </head> <body dir="ltr"> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> Alex,</div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> I believe that OP is referring to the last set of CVEs listed here[1] announced on the 14th. So forgive me while I poke the thread with additional information. <span id="🙂">🙂 I think the original ask was about those.</span><br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> ------<br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> CVE-2022-37434 was announced on the 14th. And is patched already in Ubuntu [2].</div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include as a security update for any of the releases at the time of review (see the details in the link).</div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> ------</div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> Thomas<br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> <br> </div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> [1]: <a href="https://rsync.samba.org/security.html" id="LPNoLPOWALinkPreview">https://rsync.samba.org/security.html</a></div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> [2]: <a href="https://ubuntu.com/security/CVE-2022-37434" id="LPNoLPOWALinkPreview_1"> https://ubuntu.com/security/CVE-2022-37434</a></div> <div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof"> [3]: <a href="https://ubuntu.com/security/CVE-2022-29154">https://ubuntu.com/security/CVE-2022-29154</a><br> </div> <div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview_1 _EReadonly_1"></div> <br> <div class="_Entity _EType_OWALinkPreview _EId_OWALinkPreview _EReadonly_1"></div> <br> <div id="appendonsend"></div> <hr style="display:inline-block;width:98%" tabindex="-1"> <div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Ubuntu-devel-discuss <ubuntu-devel-discuss-bounces@lists.ubuntu.com> on behalf of Alex Murray <alex.murray@canonical.com><br> <b>Sent:</b> Thursday, August 25, 2022 9:52 PM<br> <b>To:</b> mynekeys@mail.de <mynekeys@mail.de>; ubuntu-devel-discuss@lists.ubuntu.com <ubuntu-devel-discuss@lists.ubuntu.com><br> <b>Subject:</b> Re: rsync - security error</font> <div> </div> </div> <div class="BodyFragment"><font size="2"><span style="font-size:11pt;"> <div class="PlainText">Hi<br> <br> In Ubuntu we generally do not upload new versions of packages once a<br> particular Ubuntu release is made. Instead when a security bug (CVE) is<br> announced, if the version of the particular package in that Ubuntu<br> release is affected, the security team will backport the patch which<br> fixes the bug to the older version of the package.<br> <br> As such, there are currently no known CVEs which have not been patched<br> for rsync in Ubuntu - you can see this by looking at:<br> <br> <a href="https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status=">https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status=</a><br> <br> Thanks,<br> Alex<br> <br> On Fri, 2022-08-19 at 21:05:42 +0200, mynekeys@mail.de wrote:<br> <br> ><br> > Hello,<br> ><br> > please provide a new version. The current one contains a security bug.<br> ><br> > The current one is 3.2.5.<br> > See: <a href="https://rsync.samba.org/">https://rsync.samba.org/</a><br> ><br> > Thank you<br> ><br> > -- <br> > Ubuntu-devel-discuss mailing list<br> > Ubuntu-devel-discuss@lists.ubuntu.com<br> > Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss"> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a><br> <br> -- <br> Ubuntu-devel-discuss mailing list<br> Ubuntu-devel-discuss@lists.ubuntu.com<br> Modify settings or unsubscribe at: <a href="https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss"> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss</a><br> </div> </span></font></div> </body> </html>