Re: rsync - security error
On Fri, 2022-08-26 at 02:26:47 +, Thomas Ward wrote: > > Alex, > > I believe that OP is referring to the last set of CVEs listed here[1] > announced on the 14th. So forgive me while I poke the thread with > additional information. 🙂 I think the original ask was about those. No worries - thanks for the clarification 😀 > > -- > > CVE-2022-37434 was announced on the 14th. And is patched already in Ubuntu > [2]. > > CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include > as a security update for any of the releases at the time of review (see the > details in the link). > > > > -- > > Thomas > > > [1]: https://rsync.samba.org/security.html > [2]: https://ubuntu.com/security/CVE-2022-37434 > [3]: https://ubuntu.com/security/CVE-2022-29154 > > > > From: Ubuntu-devel-discuss on > behalf of Alex Murray > Sent: Thursday, August 25, 2022 9:52 PM > To: mynek...@mail.de ; > ubuntu-devel-discuss@lists.ubuntu.com > Subject: Re: rsync - security error > > Hi > > In Ubuntu we generally do not upload new versions of packages once a > particular Ubuntu release is made. Instead when a security bug (CVE) is > announced, if the version of the particular package in that Ubuntu > release is affected, the security team will backport the patch which > fixes the bug to the older version of the package. > > As such, there are currently no known CVEs which have not been patched > for rsync in Ubuntu - you can see this by looking at: > > https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status= > > Thanks, > Alex > > On Fri, 2022-08-19 at 21:05:42 +0200, mynek...@mail.de wrote: > >> >> Hello, >> >> please provide a new version. The current one contains a security bug. >> >> The current one is 3.2.5. >> See: https://rsync.samba.org/ >> >> Thank you >> >> -- >> Ubuntu-devel-discuss mailing list >> Ubuntu-devel-discuss@lists.ubuntu.com >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: rsync - security error
Alex, I believe that OP is referring to the last set of CVEs listed here[1] announced on the 14th. So forgive me while I poke the thread with additional information. 🙂 I think the original ask was about those. -- CVE-2022-37434 was announced on the 14th. And is patched already in Ubuntu [2]. CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include as a security update for any of the releases at the time of review (see the details in the link). -- Thomas [1]: https://rsync.samba.org/security.html [2]: https://ubuntu.com/security/CVE-2022-37434 [3]: https://ubuntu.com/security/CVE-2022-29154 From: Ubuntu-devel-discuss on behalf of Alex Murray Sent: Thursday, August 25, 2022 9:52 PM To: mynek...@mail.de ; ubuntu-devel-discuss@lists.ubuntu.com Subject: Re: rsync - security error Hi In Ubuntu we generally do not upload new versions of packages once a particular Ubuntu release is made. Instead when a security bug (CVE) is announced, if the version of the particular package in that Ubuntu release is affected, the security team will backport the patch which fixes the bug to the older version of the package. As such, there are currently no known CVEs which have not been patched for rsync in Ubuntu - you can see this by looking at: https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status= Thanks, Alex On Fri, 2022-08-19 at 21:05:42 +0200, mynek...@mail.de wrote: > > Hello, > > please provide a new version. The current one contains a security bug. > > The current one is 3.2.5. > See: https://rsync.samba.org/ > > Thank you > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
Re: rsync - security error
Hi In Ubuntu we generally do not upload new versions of packages once a particular Ubuntu release is made. Instead when a security bug (CVE) is announced, if the version of the particular package in that Ubuntu release is affected, the security team will backport the patch which fixes the bug to the older version of the package. As such, there are currently no known CVEs which have not been patched for rsync in Ubuntu - you can see this by looking at: https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status= Thanks, Alex On Fri, 2022-08-19 at 21:05:42 +0200, mynek...@mail.de wrote: > > Hello, > > please provide a new version. The current one contains a security bug. > > The current one is 3.2.5. > See: https://rsync.samba.org/ > > Thank you > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
