Matt McCutchen's Web Site
/
rsync
/
rsync.git
/ commitdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
| commitdiff |
tree
raw
|
patch
|
inline
| side by side (parent:
6f0fc27
)
Mention the security fix.
author
Wayne Davison
<wayned@samba.org>
Thu, 12 Aug 2004 20:58:33 +0000
(20:58 +0000)
committer
Wayne Davison
<wayned@samba.org>
Thu, 12 Aug 2004 20:58:33 +0000
(20:58 +0000)
NEWS
patch
|
blob
|
blame
|
history
diff --git
a/NEWS
b/NEWS
index
8d38b97
..
290c72d
100644
(file)
--- a/
NEWS
+++ b/
NEWS
@@
-2,6
+2,14
@@
NEWS for rsync 2.6.3 (UNRELEASED)
Protocol: 28 (unchanged)
Changes since 2.6.2:
Protocol: 28 (unchanged)
Changes since 2.6.2:
+ SECURITY FIXES:
+
+ - A bug in the sanitize_path routine (which affects a non-chrooted
+ rsync daemon) could allow a user to specify an absolute path for
+ certain options (but not for file-transfer names). If you're running
+ a rsync daemon with chroot disabled, *please upgrade*, ESPECIALLY if
+ the user privs you run rsync under is anything above "nobody".
+
OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
- Please note that the 2-line footer (output when verbose) now uses the
OUTPUT CHANGES (ATTN: those using a script to parse the verbose output):
- Please note that the 2-line footer (output when verbose) now uses the