-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: arm64
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: arm64 Build Daemon (arm-ubc-01) <buildd_arm64-arm-ubc-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 ef2ec2c4f3ab473cda1c23d62a4d76a1183e6902 533408 rsync-dbgsym_3.2.7-1+deb12u5_arm64.deb
 2a00d67df7a5e5c928a8a44bd0aa1e005350eaa4 7101 rsync_3.2.7-1+deb12u5_arm64-buildd.buildinfo
 75ec90a16a723838842f786c56d993099a719ba4 404492 rsync_3.2.7-1+deb12u5_arm64.deb
Checksums-Sha256:
 5c2605a59ad34435d8ab7cdf3baf97623b059b54b0c86179c0ec2172032ab927 533408 rsync-dbgsym_3.2.7-1+deb12u5_arm64.deb
 f79a5262cbca7f631ffe05cee0bb7dc03ee361e595cd2285b037f97b31e905a7 7101 rsync_3.2.7-1+deb12u5_arm64-buildd.buildinfo
 6f7a60faa4408d8da4d5804089891fdefded71d84b8180132ae70a058c6f16fa 404492 rsync_3.2.7-1+deb12u5_arm64.deb
Files:
 1054c7abe0dcf7a4574f5df667e1817b 533408 debug optional rsync-dbgsym_3.2.7-1+deb12u5_arm64.deb
 5f4806a49bfa0702fe386a985a219151 7101 net optional rsync_3.2.7-1+deb12u5_arm64-buildd.buildinfo
 1002a23bcd0f6214ced78ee208e9e063 404492 net optional rsync_3.2.7-1+deb12u5_arm64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE0Ha//LlsGOpbQ/H4xqCFmsOWgoYFAmoNYuAACgkQxqCFmsOW
gobitBAAntWQ7UFXS3dHU9BU4xPg/Ezhedh7rhaA1/AZHcdGCtWHDqCv/mzYz1Lc
mLk9OXUT4KsdWVPZb/bgu8AMdsa4ctnN04v1ZN62nFLSsGGvEvrAF8X9gWCNnevD
uQaf7QgIPbMKhOTSkjL1hAMZM5vDHFsafOY69MFaerYcSJOXhOYchRB+xP27HrFJ
mH9o/mNvSt9tMq2O1RaiuhMSCachYRvamfei7ZwieCl2y5TSb/pX4MyKP5ThB9RQ
yDdsx9C20dD+kT3T7fXbi7ncgmsh8Wz26aUhL0EMqMElYvlQUi4Eea0bwbN5JBCq
WH0crumrFpiEcKPYYWETiJD2OWt1s3k3OTfUB1PoC83cC4tYMarWBUqo6zuvOxZT
KSbLGWofw8R/fFbCCnqt0awkrL8bGxImM43l6W87h2GbKRxEBcnYNDJOhHwi8/2G
nssG1XO0zta8hx0SZrv5J/Hg6nRmPGYimrjKkEgWGPOsIkEyI8vi6AhIzMGk+DCi
fYl+/ViSL4YqspP3ONT0VD3DDajMu/fmLPkqHiYy6zza5/CmSEo/HU2NNZ/PVKY1
EClUiS3YuaYraZaDFGj9YkWovz2FOXaXHRMugII28cpRnUpUFBcduAf4c9272Lvr
JhkMmgsdJBJur7bzwufG6f+2E9VY5P3d2VCODuvhzkIYId9385A=
=K+Wx
-----END PGP SIGNATURE-----