[CVE-2007-6199 and CVE-2007-6200] rsync is vulnerable

Bug #174133 reported by Stephan Rügamer
Affects          Status         Importance   Assigned to   Milestone
rsync (Debian)   Fix Released   Unknown
rsync (Ubuntu)   Fix Released   High         Unassigned

Nominated for Dapper by disabled.user
Nominated for Feisty by disabled.user
Nominated for Gutsy by disabled.user

Bug Description

Binary package hint: rsync

Dear Colleagues,

from DBTS: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652

The new rsync upstream release fixes two security bugs which
can be exploited via a symlink attack.

Fixes can be found upstream: http://rsync.samba.org/ftp/rsync/munge-symlinks-2.6.9.diff


Changed in rsync:
assignee: nobody → shermann
status: New → In Progress
Changed in rsync:
assignee: shermann → nobody
status: In Progress → Confirmed
Changed in rsync:
status: Unknown → Fix Released
Emanuele Gentili (emgent) wrote :

Fixed in hardy.

emgent@emanuele-gentili:~/Ubuntu/Security/hardy/rsync/rsync-2.6.9/debian/patches$ ls -la |grep CVE-2007-6200
-rw-r--r--+ 1 emgent emgent 14986 2008-04-29 10:19 CVE-2007-6200-6199.patch
emgent@emanuele-gentili:~/Ubuntu/Security/hardy/rsync/rsync-2.6.9/debian/patches$

Changed in rsync:
importance: Undecided → High
status: Confirmed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
