On Fri, 2022-08-26 at 02:26:47 +0000, Thomas Ward wrote: > > Alex, > > I believe that OP is referring to the last set of CVEs listed here[1] > announced on the 14th. So forgive me while I poke the thread with > additional information. 🙂 I think the original ask was about those.
No worries - thanks for the clarification 😀 > > ------ > > CVE-2022-37434 was announced on the 14th. And is patched already in Ubuntu > [2]. > > CVE-2022-29154 is the second one, and was deemed too intrusive [3] to include > as a security update for any of the releases at the time of review (see the > details in the link). > > > > ------ > > Thomas > > > [1]: https://rsync.samba.org/security.html > [2]: https://ubuntu.com/security/CVE-2022-37434 > [3]: https://ubuntu.com/security/CVE-2022-29154 > > > ________________________________ > From: Ubuntu-devel-discuss <ubuntu-devel-discuss-boun...@lists.ubuntu.com> on > behalf of Alex Murray <alex.mur...@canonical.com> > Sent: Thursday, August 25, 2022 9:52 PM > To: mynek...@mail.de <mynek...@mail.de>; > ubuntu-devel-discuss@lists.ubuntu.com <ubuntu-devel-discuss@lists.ubuntu.com> > Subject: Re: rsync - security error > > Hi > > In Ubuntu we generally do not upload new versions of packages once a > particular Ubuntu release is made. Instead when a security bug (CVE) is > announced, if the version of the particular package in that Ubuntu > release is affected, the security team will backport the patch which > fixes the bug to the older version of the package. > > As such, there are currently no known CVEs which have not been patched > for rsync in Ubuntu - you can see this by looking at: > > https://ubuntu.com/security/cves?q=&package=rsync&priority=&version=&status= > > Thanks, > Alex > > On Fri, 2022-08-19 at 21:05:42 +0200, mynek...@mail.de wrote: > >> >> Hello, >> >> please provide a new version. The current one contains a security bug. >> >> The current one is 3.2.5. >> See: https://rsync.samba.org/ >> >> Thank you >> >> -- >> Ubuntu-devel-discuss mailing list >> Ubuntu-devel-discuss@lists.ubuntu.com >> Modify settings or unsubscribe at: >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss > > -- > Ubuntu-devel-discuss mailing list > Ubuntu-devel-discuss@lists.ubuntu.com > Modify settings or unsubscribe at: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
