As a Cygwin rsync package maintainer, the following security fixes have been brought to my attention:
http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-stats-fix.patch http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/rsync/files/rsync-2.6.9-fname-obo.patch And while they seem "trusted" enough to me (present in many packages such as Gentoo, FreeBSD and other; in bug lists such as Secunia...), I am no rsync deep code knower, and I still wonder why there's no mention in this mailing list or the homepage? Do the actual authors of rsync think that those bugs has never been exploitable? If that's so, please confirm it, thanks =) Lapo -- To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
