Your message dated Wed, 16 Apr 2014 15:20:35 +0000
with message-id <[email protected]>
and subject line Bug#744791: fixed in rsync 3.1.0-3
has caused the Debian Bug report #744791,
regarding rsync: CVE-2014-2855: Daemon infinite loop when no matched user in
secrets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
744791: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744791
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: rsync
Version: 3.1.0-1
Severity: grave
Tags: security upstream fixed-upstream
Hi
There is a DoS against a rsync daemon, for detail see [1,2]. There is
also an upstream fix at [3].
[1] https://bugs.launchpad.net/ubuntu/+source/rsync/+bug/1307230
[2] https://bugzilla.samba.org/show_bug.cgi?id=10551
[3] https://git.samba.org/?p=rsync.git;a=commitdiff;h=0dedfbce2c1b851684ba658861fe9d620636c56a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: rsync
Source-Version: 3.1.0-3
We believe that the bug you reported is fixed in the latest version of
rsync, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Paul Slootman <[email protected]> (supplier of updated rsync package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 16 Apr 2014 16:21:23 +0200
Source: rsync
Binary: rsync
Architecture: source amd64
Version: 3.1.0-3
Distribution: unstable
Urgency: high
Maintainer: Paul Slootman <[email protected]>
Changed-By: Paul Slootman <[email protected]>
Description:
 rsync - fast, versatile, remote (and local) file-copying tool
Closes: 744791
Changes:
 rsync (3.1.0-3) unstable; urgency=high
 .
   * fix for CVE-2014-2855 - rsync denial of service
     a remote client can send an invalid username and cause an infinite CPU
     loop on the server child process.
     closes:#744791
   * added upstream signature for uscan usage
   * changed package source format to 3.0 (quilt)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
iEYEARECAAYFAlNOlc4ACgkQutvvqbTW3hOB6QCfalaJXYcuXE4JE9jTUidUaVC4
fZ4An2vAkhdVMxEOvnEbsIZU52v4PlsM
=ytWf
-----END PGP SIGNATURE-----
--- End Message ---