From: [email protected]
Package: rsync
Version: 2.6.2-2
Severity: grave
Tags: security upstream fixed-upstream patch
Justification: user security hole
The rsync team has announced a new security bug which affects daemon
mode:
<http://samba.org/rsync/#security_aug04>
The patch is reproduced below (modulo whitespace)
--- orig/util.c 2004-04-27 12:59:37 -0700
+++ util.c 2004-08-11 23:37:27 -0700
@@ -743,7 +743,7 @@
allowdotdot = 1;
} else {
p += 2;
- if (*p == '/')
+ while (*p == '/')
p++;
if (sanp != start) {
/* back up sanp one level */
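Review bot: the `while (*p == '/')` loop after `p += 2` has no comment saying why a run of slashes must be consumed here rather than a single one, so the reason for the change could be lost in a later cleanup. Suggest a one-line comment above the loop stating that every consecutive slash following the two characters skipped by `p += 2` is dropped before `sanp` is backed up one level, plus a regression test that passes the sanitizer a path with repeated slashes at this point so a revert to the single `if` is caught. The loop itself terminates safely on a NUL-terminated string, since it stops at the first character that is not `/`.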