Matthew Parry schrieb:
i didn't see rysnc on the software update notes but according to macfixit.com it *was* part of the security update.
Well, the original advisory by Apple has this to say:
rsync CVE-ID: CVE-2005-3712 Available for: Mac OS X v10.4.5, Mac OS X Server v10.4.5 Impact: Authenticated users may cause an rsync server to crash or execute arbitrary code Description: A heap-based buffer overflow may be triggered when the rsync server is used with the flag that allows extended attributes to be transferred. It may be possible for a malicious user with access to an rsync server to cause denial of service or code execution. This update addresses the problem by ensuring that the destination buffer is large enough to hold the extended attributes. This issue does not affect systems prior to Mac OS X v10.4. Credit to Jan-Derk Bakker for reporting this issue.
So, although I didn't have a look at the issue myself, I would interpret this as rsync remaining untouched by this update. So 1.3.9. should continue to work, I guess.
Greetings, Nils ------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Fink-users mailing list Fink-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fink-users
