> Sent: Thursday, January 16, 2025 at 6:40 PM
> From: "David" <bouncingc...@gmail.com>
> To: "debian-user" <debian-user@lists.debian.org>
> Subject: A warning about rsync in stable: it became broken 3 days ago, is now
> fixed
>
> Hi,
>
> For anyone not subscribed to debian-security-announce mailing list:
>
> 1) You should subscribe to it :)
>
> 2) rsync received a security update 3 days ago [1] with multiple fixes.
>
> 3) But that update also introduced a regression in the rsync -H option
> (preserves hard links).
>
> 4) That regression is now fixed in bookworm [2]
>
> 5) That's all I know. I just thought it might be helpful to share this
> information here because it might affect people's backup systems.
>
> [1] https://lists.debian.org/debian-security-announce/2025/msg00004.html
> [2] https://lists.debian.org/debian-security-announce/2025/msg00006.html
Actually the last patched debian rsync version is still vulnerable
https://kb.cert.org/vuls/id/952657
rsync 3.4.1 is the latest version that fixes the issues.
