Summary: | <net-misc/rsync-3.2.3-r5: improper TLS validation in rsync-ssl script (CVE-2020-14387) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | base-system |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1875549 | ||
See Also: | https://github.com/gentoo/gentoo/pull/22981 | ||
Whiteboard: | A3 [glsa+] | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | 827218 | ||
Bug Blocks: |
Description
Sam James
2021-05-28 03:00:43 UTC
Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. Package list is empty or all packages have requested keywords. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=029532544d5edfe5fc70413a827831932e3c0b21 commit 029532544d5edfe5fc70413a827831932e3c0b21 Author: Varsha Teratipally <teratipally@google.com> AuthorDate: 2021-11-17 17:30:16 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2021-11-18 02:30:46 +0000 net-misc/rsync: fix CVE-2020-14387 Bug: https://bugs.gentoo.org/792576 Signed-off-by: Varsha Teratipally <teratipally@google.com> Closes: https://github.com/gentoo/gentoo/pull/22981 Signed-off-by: Sam James <sam@gentoo.org> .../files/rsync-3.2.3-verify-certificate.patch | 26 +++++ net-misc/rsync/rsync-3.2.3-r5.ebuild | 124 +++++++++++++++++++++ 2 files changed, 150 insertions(+) Please cleanup commit 882b77edf896534ffd91d0fb17696bfda91e635b Author: Sam James <sam@gentoo.org> Date: Sun Apr 17 18:00:47 2022 +0100 net-misc/rsync: drop 3.2.3-r4 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=dff332004f4513f384a402a0411b9418dd99d9c2 commit dff332004f4513f384a402a0411b9418dd99d9c2 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2024-05-08 06:28:44 +0000 Commit: Hans de Graaff <graaff@gentoo.org> CommitDate: 2024-05-08 06:29:05 +0000 [ GLSA 202405-22 ] rsync: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/792576 Bug: https://bugs.gentoo.org/838724 Bug: https://bugs.gentoo.org/862876 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: Hans de Graaff <graaff@gentoo.org> glsa-202405-22.xml | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) |