poky/rsync at kirkstone - poky

CaROS/poky

mirror of https://git.yoctoproject.org/git/poky synced 2026-01-01 13:58:04 +00:00

History

Liyin Zhang 652e8fc3b9 rsync: fix CVE-2025-10158 CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue. Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-10158] Upstream patch: [`797e17fc4a`] (From OE-Core rev: fe4bea86b27551edbe7440ff47041b6d45b2f4e1) Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>	2025-12-31 07:24:54 -08:00
..
files	rsync: fix CVE-2025-10158	2025-12-31 07:24:54 -08:00
rsync_3.2.7.bb	rsync: fix CVE-2025-10158	2025-12-31 07:24:54 -08:00

Liyin Zhang 652e8fc3b9 rsync: fix CVE-2025-10158

CVE-2025-10158:
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-10158]

Upstream patch:
[797e17fc4a]

(From OE-Core rev: fe4bea86b27551edbe7440ff47041b6d45b2f4e1)

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

2025-12-31 07:24:54 -08:00

files rsync: fix CVE-2025-10158 2025-12-31 07:24:54 -08:00

rsync_3.2.7.bb rsync: fix CVE-2025-10158 2025-12-31 07:24:54 -08:00