git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
rsync: fix CVE-2025-10158
author Liyin Zhang <liyin.zhang.cn@windriver.com>
Thu, 18 Dec 2025 07:57:57 +0000 (15:57 +0800)
committer Richard Purdie <richard.purdie@linuxfoundation.org>
Mon, 22 Dec 2025 17:54:58 +0000 (17:54 +0000)
commit 6b712ec9819cf1f170ef62bc2c0115a80c93f509
tree d5d5b62a64729b808bb196312b8f42b74ed08913
parent 9a57027adb6efcffb7c1bd3f9b1feaa4bd7ffeed
rsync: fix CVE-2025-10158

CVE-2025-10158:
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-10158]

Upstream patch:
[https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-devtools/rsync/files/CVE-2025-10158.patch [new file with mode: 0644]
meta/recipes-devtools/rsync/rsync_3.4.1.bb