Package: rsync Version: 2.6.2-2 Severity: grave Tags: security upstream fixed-upstream patch Justification: user security hole
The rsync team has announced a new security bug which affects daemon mode:
<http://samba.org/rsync/#security_aug04>
The patch is reproduced below (module whitespace)
--- orig/util.c 2004-04-27 12:59:37 -0700 +++ util.c 2004-08-11 23:37:27 -0700 @@ -743,7 +743,7 @@ allowdotdot = 1; } else { p += 2; - if (*p == '/') + while (*p == '/') p++; if (sanp != start) { /* back up sanp one level */
Package: rsync
Version: 2.6.2-2
Severity: grave
Tags: security upstream fixed-upstream patch
Justification: user security hole
The rsync team has announced a new security bug which affects daemon
mode:
<http:// samba.org/ rsync/# security_ aug04>
The patch is reproduced below (module whitespace)
--- orig/util.c 2004-04-27 12:59:37 -0700
+++ util.c 2004-08-11 23:37:27 -0700
@@ -743,7 +743,7 @@
allowdotdot = 1;
} else {
p += 2;
- if (*p == '/')
+ while (*p == '/')
p++;
if (sanp != start) {
/* back up sanp one level */