Comment 1 Sune Kloppenborg Jeppesen (RETIRED) 2006-04-28 21:57:26 UTC

This is fixed in 2.6.8 which is already in the tree but the advisory is not public yet.

Arch Security Liaisons please test and mark stable.

Comment 2 Mark Loeser (RETIRED) 2006-04-28 23:45:14 UTC

x86 all done :)

Comment 3 Tobias Scherbaum (RETIRED) 2006-04-29 01:55:39 UTC

ppc stable

Comment 4 Markus Rothe (RETIRED) 2006-04-29 02:37:08 UTC

stable on ppc64

Comment 5 Thomas Cort (RETIRED) 2006-04-29 09:23:51 UTC

amd64 stable.

Comment 6 Gustavo Zacarias (RETIRED) 2006-04-29 10:10:12 UTC

sparc stable.

Comment 7 René Nussbaumer (RETIRED) 2006-04-29 12:54:43 UTC

hppa stable

Comment 8 Bryan Østergaard (RETIRED) 2006-04-30 04:34:11 UTC

Stable on alpha + ia64.

Comment 9 Markus Rothe (RETIRED) 2006-05-02 08:47:20 UTC

jaervosz: this is already stable on ppc64. or do I miss an argument why you CC'd us again? Please readd, if I missunderstand this...

Comment 10 Thierry Carrez (RETIRED) 2006-05-02 09:17:21 UTC

Ready for GLSA. For the drafter :

<< The vulnerable function is only present when the rsync binary was compiled
with the configuration option --enable-xattr-support. This is enabled by
default on Fedora Core 5.

Furthermore, for the rsync server daemon to be exploited, an attacker must
have write access to a module on the server. This is due to the vulnerable
code being called only from the recv_file_list() function, which is used
when receiving files from the connected peer. >>

USE=acl triggers the --enable-xattr-support for Gentoo.

Comment 11 Fabian Groffen 2006-05-03 11:59:24 UTC

rsync has only ~ppc-macos keywords (no stable keyword for any version).  In package.mask.  Not stabling.

Comment 12 Sune Kloppenborg Jeppesen (RETIRED) 2006-05-05 22:03:30 UTC

GLSA 200605-05

arm, mips, s390 don't forget to mark stable to benefit from the GLSA.

Comment 13 Joshua Kinard 2006-09-04 00:21:43 UTC

Stable on mips.