This is the mail archive of the
mailing list for the Cygwin project.
Re: [SECURITY] rdiff/librsync, rdiff-backup
- From: David Rothenberger <daveroth at acm dot org>
- To: cygwin-apps at cygwin dot com
- Date: Tue, 02 Jun 2015 21:55:34 -0700
- Subject: Re: [SECURITY] rdiff/librsync, rdiff-backup
- Authentication-results: sourceware.org; auth=none
- References: <1433280096 dot 8324 dot 89 dot camel at cygwin dot com>
On 6/2/2015 2:21 PM, Yaakov Selkowitz wrote:
> A checksum collision vulnerability has been found in librsync (rdiff):
> The solution is to update librsync to 1.0.0; you may wish to consider
> the following patch as well:
> Please note that both Fedora and Debian call the main package librsync
> based on upstream packaging, from which rdiff could be a subpackage.
> The different naming of this package threw me off for a while. Any
> chance we could shuffle the packaging around (I can help with the server
> Then, all librsync-dependent packages need to be rebuilt against 1.0.0,
> namely rdiff-backup, which requires the following patch:
> You may wish to consider the following patches for rdiff-backup as well:
Thanks for the detailed information. I'll take a look at this over the
weekend. I'll upload the new packages once I get them built and send
another email so you can shuffle things around on the server side.
David Rothenberger ---- firstname.lastname@example.org
Kaufman's First Law of Party Physics:
Population density is inversely proportional
to the square of the distance from the keg.