-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: i386
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: i386 Build Daemon (x86-grnet-01)
Changed-By: Salvatore Bonaccorso
Description:
 rsync - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution
       (daemon chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder
       (info disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 080c6c040f211ea9c80c5cfa968ffd86912b0e2a 474528 rsync-dbgsym_3.2.7-1+deb12u5_i386.deb
 6cb149e5a9214bf673e7bc69677d632d78496de9 7026 rsync_3.2.7-1+deb12u5_i386-buildd.buildinfo
 110652b709c5734eb6d0db5e3154c3b8e4abb49f 433508 rsync_3.2.7-1+deb12u5_i386.deb
Checksums-Sha256:
 0321dcd7ea006328e46d41ea575e5dc06249677489875daff1c36ccb5739cb88 474528 rsync-dbgsym_3.2.7-1+deb12u5_i386.deb
 67177f8ad9c953f9c6bb1ef4731796ddf243d2bdae2113dbacff32c99b4cb67c 7026 rsync_3.2.7-1+deb12u5_i386-buildd.buildinfo
 21a42f2bfcaf900b84dc8104ac7628a6f2577cd2a9e203651184dc90235104a3 433508 rsync_3.2.7-1+deb12u5_i386.deb
Files:
 911dc660b7dcccde2493b6abef19c15f 474528 debug optional rsync-dbgsym_3.2.7-1+deb12u5_i386.deb
 c74af8fc1f6d1fdade422b7b9e3dbf4b 7026 net optional rsync_3.2.7-1+deb12u5_i386-buildd.buildinfo
 8fd6e2eb213b09af17624168ca71250a 433508 net optional rsync_3.2.7-1+deb12u5_i386.deb

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----