From ${URL} :

Michael Samuel discovered that rsync was vulnerable to checksum collisions. This could prevent rsync from running and syncing files successfully, which could break various applications that use and rely on rsync. Details are available in the original report:

http://www.openwall.com/lists/oss-security/2014/07/28/1

This will require work with upstream to bring in Michael's proposed libdetectcoll and blake2b changes/get rsync to use something other than MD5.

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Upstream Fix:
https://git.samba.org/?p=rsync.git;a=commit;h=eac858085e3ac94ec0ab5061d11f52652c90a869

This fix was included in the 3.1.2 release.

Added to existing GLSA.
This issue was resolved and addressed in GLSA 201605-04 at https://security.gentoo.org/glsa/201605-04 by GLSA coordinator Yury German (BlueKnight).