This was indeed fixed in xenial and trusty already. Thanks for
reporting.
rsync (3.1.1-3ubuntu1) xenial; urgency=medium
* SECURITY UPDATE: incomplete fix for rsync path spoofing attack
- debian/patches/CVE-2014-9512-2.diff: add parent-dir validation for
--no-inc-recurse too in
Looks like this is http://people.canonical.com/~ubuntu-
security/cve/2014/CVE-2014-9512.html
** Information type changed from Private Security to Public Security
** Changed in: rsync (Ubuntu)
Status: New => Confirmed
** CVE added: http://www.cve.mitre.org/cgi-
2 matches
Mail list logo
