This was indeed fixed in xenial and trusty already. Thanks for reporting.
rsync (3.1.1-3ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for rsync path spoofing attack - debian/patches/CVE-2014-9512-2.diff: add parent-dir validation for --no-inc-recurse too in flist.c, generator.c. - CVE-2014-9512
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2016 14:58:35 -0500
This was indeed fixed in xenial and trusty already. Thanks for reporting.
rsync (3.1.1-3ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for rsync path spoofing attack patches/ CVE-2014- 9512-2. diff: add parent-dir validation for -no-inc- recurse too in flist.c, generator.c.
- debian/
-
- CVE-2014-9512
-- Marc Deslauriers <email address hidden> Tue, 19 Jan 2016 14:58:35 -0500