From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 32508 invoked by alias); 28 Aug 2007 19:47:48 -0000 Received: (qmail 32487 invoked by uid 22791); 28 Aug 2007 19:47:47 -0000 X-Spam-Check-By: sourceware.org Received: from motoko.lapo.it (HELO mail.lapo.it) (88.198.0.105) by sourceware.org (qpsmtpd/0.31) with SMTP; Tue, 28 Aug 2007 19:47:39 +0000 Received: (qmail 6141 invoked by uid 89); 28 Aug 2007 19:47:36 -0000 Received: from unknown (HELO ?10.0.0.1?) (lapo@lapo.it@81.74.40.71) by 0 with SMTP; 28 Aug 2007 19:47:36 -0000 Message-ID: <46D47BD0.3000301@lapo.it> Date: Tue, 28 Aug 2007 19:47:00 -0000 From: Lapo Luchini User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.0.13) Gecko/20070809 Thunderbird/1.5.0.13 Mnenhy/0.7.4.0 MIME-Version: 1.0 To: "[ML] CygWin-Apps" Subject: Re: [UPLOAD] rsync-2.6.9-2 References: <46D33902.5020403@lapo.it> <46D451C0.9000002@acm.org> <46D464F2.6000207@lapo.it> In-Reply-To: <46D464F2.6000207@lapo.it> OpenPGP: id=C8F252FB Content-Type: text/plain; charset=KOI8-R Content-Transfer-Encoding: 7bit X-IsSubscribed: yes Mailing-List: contact cygwin-apps-help@cygwin.com; run by ezmlm Precedence: bulk Sender: cygwin-apps-owner@cygwin.com List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Mail-Followup-To: cygwin-apps@cygwin.com X-SW-Source: 2007-08/txt/msg00223.txt.bz2 Lapo Luchini wrote: >> Would it make sense to include the patch [...] to fix the off-by-one >> errors that could lead remote code execution?[*] >> I'm sorry for not noticing this before rsync was uploaded. >> > Don't be sorry, *I* am sorry not to have noticed that myself, as I was > supposed to ;) > I have to notice, though, that I'm in good company: neither official rsync homepage or devel ML took notice of it so far... (I wonder why the patch author didn't write to the ML concurrently to his blog post) Anyway... http://cyberx.lapo.it/cygwin/rsync/setup.hint (unchanged) http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2.tar.bz2 http://cyberx.lapo.it/cygwin/rsync/rsync-2.6.9-2-src.tar.bz2 -- Lapo Luchini lapo@lapo.it (OpenPGP & X.509) www.lapo.it (Jabber, ICQ, MSN)