Information on source package rsync

Available versions

| Release | Version |
|---|---|
| jessie | 3.1.1-3+deb8u2 |
| stretch | 3.1.2-1+deb9u3 |
| buster | 3.1.3-6 |
| bullseye | 3.2.3-4+deb11u1 |
| bookworm | 3.2.7-1 |
| trixie | 3.3.0-1 |
| sid | 3.3.0-1 |

Open issues

| Bug | jessie | stretch | buster | bullseye | bookworm | trixie | sid | Description |
|---|---|---|---|---|---|---|---|---|
| TEMP-0786423-948688 | vulnerable (no DSA) | fixed | fixed | fixed | fixed | fixed | fixed | rsync collision attack |
| CVE-2022-29154 | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA, ignored) | vulnerable (no DSA) | fixed | fixed | fixed | An issue was discovered in rsync before 3.2.5 that allows malicious re ... |

Resolved issues

| Bug | Description |
|---|---|
| CVE-2020-14387 | A flaw was found in rsync in versions since 3.2.0pre1. Rsync improperl ... |
| CVE-2018-5764 | The parse_arguments function in options.c in rsyncd in rsync before 3. ... |
| CVE-2017-17434 | The daemon in rsync 3.1.2, and 3.1.3-development before 2017-12-03, do ... |
| CVE-2017-17433 | The recv_files function in receiver.c in the daemon in rsync 3.1.2, an ... |
| CVE-2017-16548 | The receive_xattr function in xattrs.c in rsync 3.1.2 and 3.1.3-develo ... |
| CVE-2017-15994 | rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums ... |
| CVE-2016-9843 | The crc32_big function in crc32.c in zlib 1.2.8 might allow context-de ... |
| CVE-2016-9842 | The inflateMark function in inflate.c in zlib 1.2.8 might allow contex ... |
| CVE-2016-9841 | inffast.c in zlib 1.2.8 might allow context-dependent attackers to hav ... |
| CVE-2016-9840 | inftrees.c in zlib 1.2.8 might allow context-dependent attackers to ha ... |
| CVE-2014-9512 | rsync 3.1.1 allows remote attackers to write to arbitrary files via a ... |
| CVE-2014-2855 | The check_secret function in authenticate.c in rsync 3.1.0 and earlier ... |
| CVE-2011-1097 | rsync 3.x before 3.0.8, when certain recursion, deletion, and ownershi ... |
| CVE-2008-1720 | Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xatt ... |
| CVE-2007-6200 | Unspecified vulnerability in rsync before 3.0.0pre6, when running a wr ... |
| CVE-2007-6199 | rsync before 3.0.0pre6, when running a writable rsync daemon that is n ... |
| CVE-2007-4091 | Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow ... |
| CVE-2006-2083 | Integer overflow in the receive_xattr function in the extended attribu ... |
| CVE-2005-2096 | zlib 1.2 and later versions allows remote attackers to cause a denial ... |
| CVE-2004-2093 | Buffer overflow in the open_socket_out function in socket.c for rsync ... |
| CVE-2004-0792 | Directory traversal vulnerability in the sanitize_path function in uti ... |
| CVE-2004-0426 | rsync before 2.6.1 does not properly sanitize paths when running a rea ... |
| CVE-2003-0962 | Heap-based buffer overflow in rsync before 2.5.7, when running in serv ... |

Security announcements

| DSA / DLA | Description |
|---|---|
| DLA-2833-1 | rsync - security update |
| DLA-1725-1 | rsync - security update |
| ELA-95-1 | rsync - security update |
| DLA-1247-1 | rsync - security update |
| DLA-1218-1 | rsync - security update |
| DSA-4068-1 | rsync - security update |
| DSA-1545-1 | rsync |
| DSA-1360-1 | rsync - arbitrary code execution |
| DSA-538 | rsync - unauthorised directory traversal and file access |
| DSA-499 | rsync - directory traversal |
| DSA-404 | rsync - heap overflow |
