[Git][security-tracker-team/security-tracker][master] CVE-2026-43618/rsync: reference fix and regression fix

Mon Jun 15 08:12:01 BST 2026


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
d6cfb604 by Sylvain Beucler at 2026-06-15T09:11:54+02:00
CVE-2026-43618/rsync: reference fix and regression fix

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -17908,6 +17908,10 @@ CVE-2026-43618 (Rsync version3.4.2 and prior contain an integer overflow vulnera
 	NOTE: https://download.samba.org/pub/rsync/NEWS#3.4.3
 	NOTE: https://www.openwall.com/lists/oss-security/2026/05/20/6
 	NOTE: https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq
+	NOTE: Fixed by: https://github.com/RsyncProject/rsync/commit/c44c90e9460c666c965446a8c0957f0b9fa4c66a (v3.4.3)
+	NOTE: Testcase: https://github.com/RsyncProject/rsync/commit/e4c681fefd1be3a361a2f718f9a530fc52f0b612 (v3.4.3)
+	NOTE: Regression: https://github.com/RsyncProject/rsync/issues/951
+	NOTE: Regression: https://github.com/RsyncProject/rsync/commit/ee7c8a57839d1f44c689d6a27b91edf7e078ec1c (v3.4.4)
 CVE-2026-43619 (Rsync version3.4.2 and prior contain symlink race condition vulnerabil ...)
 	{DSA-6282-1 DLA-4591-1}
 	- rsync 3.4.3+ds1-1



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cfb604b219211f694362762e6e884719099c2c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/d6cfb604b219211f694362762e6e884719099c2c
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20260615/6bc74dfd/attachment.htm>
