"rsync.project via rsync" <rsync@lists.samba.org> writes:
> We have just released version 3.4.0 of rsync. This release fixes 6 security
> vulnerabilities found by two
> groups of security researchers.
>
> You can find the new release links here:
>
> - https://rsync.samba.org/
> - https://download.samba.org/pub/rsync/src/
>
> For details on the vulnerabilities please see this CERT advisory:
>
> https://kb.cert.org/vuls/id/952657
The vulnerabilities note was only posted today; great job addressing it
so quickly
C. Mitrodimas
>
> The various distros should be doing security releases today
> Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at Google
> Cloud Vulnerability Research
> and Aleksei Gorban (Loqpa) for discovering these vulnerabilities and working
> with the rsync project to
> develop and test fixes.
>
> Also many thanks to Wayne Davison for assisting with the release process as
> this is the first release I've
> done since 2002 when Wayne took over as the rsync maintainer.
>
> Andrew Tridgell
> rsync maintainer (again!)
--
Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
