TEMP-0786423-948688

NameTEMP-0786423-948688
Descriptionrsync collision attack
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs786423

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
rsync (PTS)jessie, jessie (lts)3.1.1-3+deb8u2vulnerable
stretch (security), stretch (lts), stretch3.1.2-1+deb9u3fixed
buster3.1.3-6fixed
bullseye3.2.3-4+deb11u1fixed
bookworm3.2.7-1fixed
sid, trixie3.3.0-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
rsyncsource(unstable)3.1.2-1low786423

Notes

[jessie] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[wheezy] - rsync <no-dsa> (Minor issue, too instrusive to backport)
[squeeze] - rsync <no-dsa> (Minor issue, too instrusive to backport)
CVE-2014-8242 was only specific assigned for librsync but rsync has equivalent issue
https://github.com/therealmik/rsync-collision
https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869
https://lists.samba.org/archive/rsync/2015-May/030123.html

Search for package or bug name: Reporting problems