Viewing all changes in revision 17.
- Committer: Package Import Robot
- Date: 2012-11-22 12:01:41 UTC
- Revision ID: package-import@ubuntu.com-20121122120141-fptmwkheajahgcvj
* Fix several flaws in validation of rsync options. Ensure --server
cannot be hidden from the server by putting it after -- or as the
argument to another option. Verify that the -e option's value matches
expectations rather than trying to look for invalid -e option values.
(CVE-2012-2251)
* Reject the rsync --rsh option even if it does not contain a trailing
equal sign. (CVE-2012-2252)
cannot be hidden from the server by putting it after -- or as the
argument to another option. Verify that the -e option's value matches
expectations rather than trying to look for invalid -e option values.
(CVE-2012-2251)
* Reject the rsync --rsh option even if it does not contain a trailing
equal sign. (CVE-2012-2252)
expand all
collapse all
added
removed
