100674 – net-misc/rsync 2.6.6 fixes zlib issues

Bug 100674 - net-misc/rsync 2.6.6 fixes zlib issues

Summary: net-misc/rsync 2.6.6 fixes zlib issues

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://www.samba.org/rsync/
Whiteboard:	[ ? ] jaervosz
Keywords:

Depends on:
Blocks:

Reported:	2005-07-29 00:53 UTC by Tim Yamin (RETIRED)
Modified:	2006-07-03 12:08 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Yamin (RETIRED) gentoo-dev

2005-07-29 00:53:22 UTC

Rsync version 2.6.6 has been released. This release is a bug-fix release to
handle a null-pointer bug that turned up in rsync's version of zlib 1.1.4 (this
is not the recent zlib 1.2.2 security fix, which did not affect rsync) and to
squash a few other minor bugs.

Mike, please update. Thanks.

Comment 1 SpanKY gentoo-dev

2005-07-29 16:36:53 UTC

added 2.6.6 to portage

i dont think we need this to go stable seeing as how rsync is not affected by
the inftrees issue which was in zlib-1.2.2

Comment 2 Sune Kloppenborg Jeppesen (RETIRED) gentoo-dev

2005-07-29 21:59:45 UTC

plasmaroo please confirm.

Comment 3 Thierry Carrez (RETIRED) gentoo-dev

2005-07-30 01:41:22 UTC

Looks like a DoS in client to me. Connect to malicious site, it can crash your
rsync client. We should not consider those as vulnerabilities...

Comment 4 Tim Yamin (RETIRED) gentoo-dev

2005-07-30 04:03:19 UTC

Yeah, the 2.6.5 with the 1.1.x is fine so we can close this (it had the set v to
length of n fix in already which is the important one).