Changelog
rsync (2.6.9-5.1ubuntu1) hardy; urgency=low
* Merge from debian unstable, remaining changes:
- Remove stop links from rc0 and rc6
(and use update-rc.d multiuser instead of defaults)
- maintainer field changed
- depend on sysv-rc
rsync (2.6.9-5.1) unstable; urgency=high
* Non-maintainer upload by testing-security team.
* This update addresses the following security issues (Closes: #453652):
- When "use chroot" option is disabled, a programming error
can be exploited by a user to trick rsync into creating a
symlink that points outside the module's hierarchy.
- A programming error within the "exclude", "exclude from" and "filter"
options can be exploited via a symlink attack to gain access
to hidden files if the filename is known.
-- Michael Vogt <email address hidden> Thu, 06 Dec 2007 12:34:46 +0100