Hi there,

Quoting an article here:
https://www.openwall.com/lists/oss-security/2026/04/16/2

SentinelOne claims in an AI-generated advisory here:
https://www.sentinelone.com/vulnerability-database/cve-2026-41035/
that there is a vulnerability in rsync from versions 3.0.1 to 3.4.1 which is (again, claimed to be) exploitable under certain circumstances.

The currently released version of rsync-bpc is based on rsync 3.1.3 and could therefore be expected to suffer from this vulnerability.

There is indeed an issue and rsync authors have committed a fix for it here:
https://github.com/RsyncProject/rsync/commit/bb0a8118c2d2ab01140bac5e4e327e5e1ef90c9c

The authors state that this fault is not exploitable.

By default the configuration of rsync-bpc does not use the '--xattrs' option which the AI thinks allows an exploit.

In any case, I've made the same fix in the rsync-bpc code currently in development and it will be released when rsync-bpc 3.4.1.0rc1 comes out (which I hope will be soon:).

For those of you who were wondering, at the moment I'm working on an occasional excessive memory usage issue. When that's fixed, rsync-bpc 3.4.1.0rc1 will be ready for release. At the moment I see no need to rush it.

--
73,
Ged.

_______________________________________________
BackupPC-users mailing list
List: https://lists.sourceforge.net/lists/listinfo/backuppc-users
Wiki: https://github.com/backuppc/backuppc/wiki
Project: https://backuppc.github.io/backuppc/
