Hi,
On Fri, Jan 17, 2025 at 03:27:26AM +0100, poc...@homemail.com wrote:
> Actually the last patched debian rsync version is still vulnerable
> https://kb.cert.org/vuls/id/952657
>
> rsync 3.4.1 is the latest version that fixes the issues.
That page was last updated 15 January whereas the fixes that went out in
upstream rsync release 3.4.1 were backported to Debian stable in version
3.2.7-1+deb12u2 which was released 16 January.
You can verify this at:
https://security-tracker.debian.org/tracker/source-package/rsync
Thanks,
Andy
--
https://bitfolk.com/ -- No-nonsense VPS hosting
