-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: mipsel
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: mipsel Build Daemon (mipsel-osuosl-04) <buildd_mips64el-mipsel-osuosl-04@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 5e1e18168ae5702ff56b410efb18421ed1fa3990 552284 rsync-dbgsym_3.2.7-1+deb12u5_mipsel.deb
 5c49c7abc64b3b9a05507bccff342277ecee2a83 6867 rsync_3.2.7-1+deb12u5_mipsel-buildd.buildinfo
 b39ee3a6ca890af1cab742090527efe28f893690 412532 rsync_3.2.7-1+deb12u5_mipsel.deb
Checksums-Sha256:
 fa75effe33cc02bd7b9ac0b8a71ebf1391e7badf08ad82c4411a8046bea5f65c 552284 rsync-dbgsym_3.2.7-1+deb12u5_mipsel.deb
 b1834db565cbafb05d46f42a3b0d9997e2069e09a393531da28490f232b81ddc 6867 rsync_3.2.7-1+deb12u5_mipsel-buildd.buildinfo
 8652a7975da857d0efcc36ed42c52041a24df504c67054afbdbb2cd6487b3635 412532 rsync_3.2.7-1+deb12u5_mipsel.deb
Files:
 fbe61c784b2aba1d20dd2ee58e0d162f 552284 debug optional rsync-dbgsym_3.2.7-1+deb12u5_mipsel.deb
 90972fcd2684dd06b5ff638004ec509c 6867 net optional rsync_3.2.7-1+deb12u5_mipsel-buildd.buildinfo
 e212008e3720eadeed416e368f4dc2ae 412532 net optional rsync_3.2.7-1+deb12u5_mipsel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEyYUQCyzsgu940OiVpwP2OD8jZaoFAmoNY08ACgkQpwP2OD8j
ZapVkw//ZoJfq51oypi+PzlaTVOeL5jJJhfm/aRszj5Gx8zGLsP77Nhzfb+X072S
Ho+oZ9FZ39lwtKZwWj4eOyycUvFO/H8hwPXhq6cK9CULdUcPboSKsE4cgHT4PUAL
6IcKpD5qS3M0n2i/dFSYrgVPyYHOnDqtu+TNlw/+x8+twMD/E9TE0bSRvXFXTjXA
lyOmSxvo2hfxJ0nm5LB6xxi66G0SH3UsvK8lJw75iCQ76UGMtkmNfY6sU8nhPM5S
u1doll2ZKwfTlpIC3ZSdXns4H/pJOAJ+C7PJxvUJ5NFx+/1DY5ymwfzfb1iOyWP0
BX/nzC/F1eIol/odltRvzQlpLCU2TCC3riQbmX+BzUWFYL8A0+D9fHTEK7Zaxi7J
jvOJVdJnLrjDajmDZJAsnaQgkUdFWFkHkNitJu1KyGEYVDNEvz9cW9atoYQpg5Ed
4DGcFxeTZxK+ldzWGPiRwhmkj9JKgcZ1JAhq42IN1kPWpnfIwd2KU/WZ5skILemk
L52eeb2F6rrfdElyPawhUyvHHuHE3V2K8wGM74cnhjLdaVOK/gUA4FlpKQX0/mHK
4qOfGacHAD4wP/4gmhnxROGEwvBEvogUvTGF2IeCDT1bu/NTm+wwXki1lGapXrZ0
C0pptuOvglPlulZpot9icjIsxh2xe1J+hHNisw5AYMx9u8oNUlk=
=EBIt
-----END PGP SIGNATURE-----