|
1 | | -# NEWS for rsync 3.4.0 (14th Jan 2025) |
| 1 | +# NEWS for rsync 3.4.0 (15 Jan 2025) |
2 | 2 |
|
3 | 3 | Release 3.4.0 is a security release that fixes a number of important vulnerabilities. |
4 | 4 |
|
5 | | -Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at |
6 | | -Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for |
7 | | -discovering these vulnerabilities and working with the rsync project |
8 | | -to develop and test fixes. |
9 | | - |
10 | 5 | For more details on the vulnerabilities please see the CERT report |
11 | 6 | https://kb.cert.org/vuls/id/952657 |
12 | 7 |
|
13 | 8 | ## Changes in this version: |
14 | 9 |
|
| 10 | +### PROTOCOL NUMBER: |
| 11 | + |
| 12 | + - The protocol number was changed to 32 to make it easier for |
| 13 | + administrators to check their servers have been updated |
| 14 | + |
15 | 15 | ### SECURITY FIXES: |
16 | 16 |
|
| 17 | +Many thanks to Simon Scannell, Pedro Gallegos, and Jasiel Spelman at |
| 18 | +Google Cloud Vulnerability Research and Aleksei Gorban (Loqpa) for |
| 19 | +discovering these vulnerabilities and working with the rsync project |
| 20 | +to develop and test fixes. |
| 21 | + |
17 | 22 | - CVE-2024-12084 - Heap Buffer Overflow in Checksum Parsing. |
18 | 23 |
|
19 | 24 | - CVE-2024-12085 - Info Leak via uninitialized Stack contents defeats ASLR. |
@@ -4811,7 +4816,7 @@ https://kb.cert.org/vuls/id/952657 |
4811 | 4816 |
|
4812 | 4817 | | RELEASE DATE | VER. | DATE OF COMMIT\* | PROTOCOL | |
4813 | 4818 | |--------------|--------|------------------|-------------| |
4814 | | -| ?? Nov 2024 | 3.3.1 | | 31 | |
| 4819 | +| 15 Jan 2025 | 3.4.0 | | 32 | |
4815 | 4820 | | 06 Apr 2024 | 3.3.0 | | 31 | |
4816 | 4821 | | 20 Oct 2022 | 3.2.7 | | 31 | |
4817 | 4822 | | 09 Sep 2022 | 3.2.6 | | 31 | |
|
0 commit comments