CrOS: Vulnerability reported in net-misc/rsync
Issue description

Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: net-misc/rsync
Package Version: [cpe:/a:samba:rsync:3.1.2]
Advisory: CVE-2017-15994
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-15994
CVSS severity score: 7.5/10.0
Confidence: high
Description: rsync 3.1.3-development before 2017-10-24, as used in the xlucas svfs rsync fork and other products, mishandles archaic checksums, which makes it easier for remote attackers to bypass intended access restrictions.

Nov 27 2017
Debian says the problematic code was introduced after 3.1.2 (https://security-tracker.debian.org/tracker/CVE-2017-15994):
https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b

Mar 6 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 1 by kerrnel@chromium.org, Nov 21 2017