]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 7ef4009) | patch
rsync: fix CVE-2025-10158
authorLiyin Zhang <liyin.zhang.cn@windriver.com>
Wed, 17 Dec 2025 08:57:52 +0000 (16:57 +0800)
committerSteve Sakoman <steve@sakoman.com>
Wed, 17 Dec 2025 16:28:39 +0000 (08:28 -0800)
commitfe4bea86b27551edbe7440ff47041b6d45b2f4e1
tree24ad4d68a597f37f8e4e6da3a8c1efdecb41f869tree | snapshot
parent7ef40090719cab3fb9bda3f87a9d700d9b503e3ecommit | diff
rsync: fix CVE-2025-10158

CVE-2025-10158:
A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Reference:
[https://nvd.nist.gov/vuln/detail/CVE-2025-10158]

Upstream patch:
[https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/rsync/files/CVE-2025-10158.patch [new file with mode: 0644] blob
meta/recipes-devtools/rsync/rsync_3.2.7.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core