This is the mail archive of the cygwin-apps mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [UPLOAD] rsync-2.6.9-1


On 8/27/2007 1:50 PM, Lapo Luchini wrote:
http://cyberx.lapo.it/cygwin/lighttpd/setup.hint (unchanged)
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1.tar.bz2
http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-1-src.tar.bz2

Would it make sense to include the patch from http://c-skills.blogspot.com/2007/08/cve-2007-4091.html in the 2.6.9 release to fix the off-by-one errors that could lead remote code execution?[*]


I'm sorry for not noticing this before rsync was uploaded. I have a local build of 2.6.9 with the patch applied that's been working fine for me for a while.

[*] http://secunia.com/advisories/26493/

--
David Rothenberger  ----  daveroth@acm.org

optimist, n:
        A bagpiper with a beeper.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]