-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: mips64el
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-05) <buildd_mips64el-mipsel-osuosl-05@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 fb4fdd5ed12b5f7cc2ccb7d9d9ba9b96e5a8e025 560512 rsync-dbgsym_3.2.7-1+deb12u5_mips64el.deb
 74058f9a77629a3114e88d2376854d1836287786 6890 rsync_3.2.7-1+deb12u5_mips64el-buildd.buildinfo
 65e11ca9eda3851bbe048d04e875ee6a2a0bf97f 409348 rsync_3.2.7-1+deb12u5_mips64el.deb
Checksums-Sha256:
 57a02b90d2e0b8e2e1a07885a84a30d87b9b6c028edb6e9f4ce1f7741635e719 560512 rsync-dbgsym_3.2.7-1+deb12u5_mips64el.deb
 dfc84ee69da94a1017a656099ef619a28b0d0b0415120523546fc1b70ab7d905 6890 rsync_3.2.7-1+deb12u5_mips64el-buildd.buildinfo
 c68dcc73dbd57516df3fa26ff9510fc8e357865a1c8d78396d7c3bd343f5aa9a 409348 rsync_3.2.7-1+deb12u5_mips64el.deb
Files:
 130348cae31e8f17ca26db15d7ebe2d2 560512 debug optional rsync-dbgsym_3.2.7-1+deb12u5_mips64el.deb
 8953bec2e253eb92c476fb829404f267 6890 net optional rsync_3.2.7-1+deb12u5_mips64el-buildd.buildinfo
 52ab68f3bea14e8445cb64c7eb8fbe2c 409348 net optional rsync_3.2.7-1+deb12u5_mips64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE4ZxaH3zEHAF/GhnCHrk2gTKeWggFAmoNYygACgkQHrk2gTKe
WggO4w//XeKEZlZ0zBVvhUP4ny2MR0EigMcse5NUxWi9mFBoIoDC6viGRhlSoBg/
6nC+F7u2xjqLOsiH/MosZ9uGH7FV7rZEOsuuazjT3368uh30iEe1LdduDbMaSZ1C
KntHEVbl+wB9g3g+bD2uw6Bjtl0sloU8pQq+EEdhFETMMAHY9TvkqI36PEIie7Is
r9jic1vgudc98SHg1ePWzrAtKQfO5PhRuMjW95IwTluWfyJ3cdms2HNQuPJyidiX
TxqSrQWsLcg1XCloUyZFoRk2VCXVxrdV20iRElm4Kgm7vocCSP6D6DNC9pJGhDOU
9XyUpFaaHgUnOC06y6PijfxpSgKkX2FFswhXpG4daXVHkAfh4zWsj7PFpNX7/cJk
G2tsSykBbr0xHjWRvR42VFJVQ/+Khb3l4CsyE/cmesRoCgYjh57H2poGk6fFHejt
El2nkUVqk7fKhaEaE7s4vSNtssGbf2iHzHcPASCTACiu+LZTMRz0lAxRB1jDbjLx
C1C4fnZdBytyraIgquQLDYUfBXkPFigX3ik2Q5GO6kL6eT0nsPbMuK2Ml4AedTq/
SWI1Fju01iJCeUcT17MFbFKVTPXkQUq0SnWln7L8iMCyDcKKDtvFunGIATkEBh2a
c1HIbUv1fbhQkp0BtErRz7fh0V6y+EuWson2dbkjdfKLkplAlmA=
=SvBj
-----END PGP SIGNATURE-----