-
Committer:
Package Import Robot
-
Author(s):
Russ Allbery
-
Date:
2012-11-22 12:01:41 UTC
-
Revision ID:
package-import@ubuntu.com-20121122120141-fptmwkheajahgcvj
Tags: 2.3.3-6
* Fix several flaws in validation of rsync options. Ensure --server
cannot be hidden from the server by putting it after -- or as the
argument to another option. Verify that the -e option's value matches
expectations rather than trying to look for invalid -e option values.
(CVE-2012-2251)
* Reject the rsync --rsh option even if it does not contain a trailing
equal sign. (CVE-2012-2252)