ubuntu/+source/rsync:applied/ubuntu/xenial-security

Last commit made on 2018-01-23
Get this branch:
git clone -b applied/ubuntu/xenial-security https://git.launchpad.net/ubuntu/+source/rsync
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
applied/ubuntu/xenial-security
Repository:
lp:ubuntu/+source/rsync

Recent commits

842bbdf... by Leonidas S. Barbosa on 2018-01-18

Import patches-applied version 3.1.1-3ubuntu1.2 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 3e6b338540910599c6e151b153f60e652a99b69a
Unapplied parent: 3b7ec6648d1250384e8afd80e286a39e1fac2f2c

New changelog entries:
  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

3b7ec66... by Leonidas S. Barbosa on 2018-01-18

Import patches-unapplied version 3.1.1-3ubuntu1.2 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 7067af89a5ddf713b9b4857f3936e1e68f74c773

New changelog entries:
  * SECURITY UPDATE: receive_xattr function does not check
    for '\0' character allowing denial of service attacks
    - debian/patches/CVE-2017-16548.patch: enforce trailing
      \0 when receiving xattr values in xattrs.c.
    - CVE-2017-16548
  * SECURITY UPDATE: Allows remote attacker to bypass argument
    - debian/patches/CVE-2018-5764.patch: Ignore --protect-args
      when already sent by client in options.c.
    - CVE-2018-5764

3e6b338... by Leonidas S. Barbosa on 2017-12-06

Import patches-applied version 3.1.1-3ubuntu1.1 to applied/ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: a03320727a87dae694a30d584c276c3d596adedb
Unapplied parent: 7067af89a5ddf713b9b4857f3936e1e68f74c773

New changelog entries:
  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

7067af8... by Leonidas S. Barbosa on 2017-12-06

Import patches-unapplied version 3.1.1-3ubuntu1.1 to ubuntu/xenial-security

Imported using git-ubuntu import.

Changelog parent: 5bfd701280571db36b7a211350b009e1be0c64a4

New changelog entries:
  * SECURITY UPDATE: bypass intended access restrictions
    - debian/patches/CVE-2017-17433.patch: check fname in
      recv_files sooner in receiver.c.
    - CVE-2017-17433
  * SECURITY UPDATE: not check for fnamecmp filenames and
    does not apply sanitize_paths
    - debian/patches/CVE-2017-17434-part1.patch: check daemon
      filter against fnamecmp in receiver.c.
    - debian/patches/CVE-2017-17434-part2.patch: sanitize xname
      in rsync.c.
    - CVE-2017-17434

a033207... by Marc Deslauriers on 2016-01-19

Import patches-applied version 3.1.1-3ubuntu1 to applied/ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 7a8766ffe339add0c4a670d62a38c22db17ee49d
Unapplied parent: 5bfd701280571db36b7a211350b009e1be0c64a4

New changelog entries:
  * SECURITY UPDATE: incomplete fix for rsync path spoofing attack
    - debian/patches/CVE-2014-9512-2.diff: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

5bfd701... by Marc Deslauriers on 2016-01-19

Import patches-unapplied version 3.1.1-3ubuntu1 to ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 63041cec32b0861cd347c799051489fb6d882fdb

New changelog entries:
  * SECURITY UPDATE: incomplete fix for rsync path spoofing attack
    - debian/patches/CVE-2014-9512-2.diff: add parent-dir validation for
      --no-inc-recurse too in flist.c, generator.c.
    - CVE-2014-9512

7a8766f... by Paul Slootman on 2015-03-07

Import patches-applied version 3.1.1-3 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 6d9db7d5d85ea21a8085ab34607dced6883cb4e5
Unapplied parent: 63041cec32b0861cd347c799051489fb6d882fdb

New changelog entries:
  * Added patch for CVE-2014-9512, Rsync path spoofing attack vulnerability.
    closes:#778333

63041ce... by Paul Slootman on 2015-03-07

Import patches-unapplied version 3.1.1-3 to debian/sid

Imported using git-ubuntu import.

Changelog parent: 078dc6758a9d5984c03d5ba04473ea993632d050

New changelog entries:
  * Added patch for CVE-2014-9512, Rsync path spoofing attack vulnerability.
    closes:#778333

6d9db7d... by Paul Slootman on 2014-08-09

Import patches-applied version 3.1.1-2 to applied/debian/sid

Imported using git-ubuntu import.

Changelog parent: 4d256555cb34a00ba0cd72afeca36fcc275e7ac6
Unapplied parent: 078dc6758a9d5984c03d5ba04473ea993632d050

New changelog entries:
  * hardening flags were not applied correctly, debian/rules modified thanks
    to patch from Simon Ruderich.
    closes:#754412

078dc67... by Paul Slootman on 2014-08-09

Import patches-unapplied version 3.1.1-2 to debian/sid

Imported using git-ubuntu import.

Changelog parent: d79fe3e50cd8fe8260a666d74ac80140639f3a36

New changelog entries:
  * hardening flags were not applied correctly, debian/rules modified thanks
    to patch from Simon Ruderich.
    closes:#754412