-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: armel
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: armel Build Daemon (arm-ubc-04) <buildd_arm64-arm-ubc-04@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 76871aacc8908bbc0c627e4cd21a1e5446b422e3 523376 rsync-dbgsym_3.2.7-1+deb12u5_armel.deb
 30e38a28e8201ef929e3baafe443507561be4b62 6943 rsync_3.2.7-1+deb12u5_armel-buildd.buildinfo
 ddc2b19a2b903514955eba42059cc15a2f353f2b 398812 rsync_3.2.7-1+deb12u5_armel.deb
Checksums-Sha256:
 7064ee21ba3bb8a2e346949645e1950fb1e527672c83167b1a1e2d0c57f31e2a 523376 rsync-dbgsym_3.2.7-1+deb12u5_armel.deb
 3cbc6bc363ff4f53fb2d9a8ac3b0d8b7591873237eaf9ecc1c2ffa8387002bfa 6943 rsync_3.2.7-1+deb12u5_armel-buildd.buildinfo
 48017bdce62c84f070934c7cbba81a8185135edb00e5b91d1742405d964a818a 398812 rsync_3.2.7-1+deb12u5_armel.deb
Files:
 735532130d3ccb0bae4b1380469ae398 523376 debug optional rsync-dbgsym_3.2.7-1+deb12u5_armel.deb
 519077cc13b007bf3cfac2fc96005727 6943 net optional rsync_3.2.7-1+deb12u5_armel-buildd.buildinfo
 0386cc265ca550079cea8408b9a8b838 398812 net optional rsync_3.2.7-1+deb12u5_armel.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEECx5fXZYVNP9tMtwlK1PZBedPspoFAmoNYtsACgkQK1PZBedP
sppfdg/+Jhdke3YuxzeqaF0fzAyXYgd/uHCa8WZt3boD3mOtAPLMjAsff3YrvTU6
sx8UbIlJsMG7vRwz3B7h/6NQwMEQZwEiUsmt2y4NSu/f3ILK5nyGld8g14jkHFz+
X3Cye1JOcDSu+usVegoLH/oDonZkgfrBi7EqjwT5f8ce0mki+qZeBvCf8yTRcvU+
3mfwue7Hg4IkN1d+lGF7NuAPN66pmLu6H7NL5TMtGRguUA5mQIf8R9g5Lxr8kbp4
thmMCTNmlUHljgQSXwNN3CgFvNpLn3BWSVS0MjiikOOkIJ1fwlnM/viLH3veDWHl
rPG+HHlyzYKZIXVvJzL7jU/Id3EeeNrqpgZbJ+hWw173//gDktVYbL51fCx/U0qZ
v1JxxSwjHhMsZFXhBrI0BJ1y7uGjmm9GhGFKtEyG2JWvyAeNnQpfkTnIs3Dqecni
WXSW74kbdIdVOC/eACIFCZD8JyMV24lMBbjw8QXyAwpwPT5nvdR3/TAvYd+9YEeu
LdGLmbgVE5T0gKrjGWn7lIlhnj4WTRCD0pJvgTXc4q9K/sLLGcWkKEHX1rHO4MRF
qvNQHJcgjG+nQ76gBf6Vs7zbTKgO++1jskNK9X6mkbBG3LxN96T89dW5o0Or/NOW
dbXkpqUMuqY4fktUI+HSr16+oExUP+hDkwAfZ0I4t3/3UdOXNig=
=HkYL
-----END PGP SIGNATURE-----