-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: ppc64el
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for
     m4/{have_type,header_major_fixed,socklen_t}.m4
Checksums-Sha1:
 e9144eb7b4213eb268b346b9d8b1da1fefcbe2c8 548740 rsync-dbgsym_3.2.7-1+deb12u5_ppc64el.deb
 b60c42f11df2f7ffb24148bf717c378f16e4bba3 7098 rsync_3.2.7-1+deb12u5_ppc64el-buildd.buildinfo
 0acb4863317124b62b2db3bb9e0e2ab6afc2fdea 433892 rsync_3.2.7-1+deb12u5_ppc64el.deb
Checksums-Sha256:
 41343f93b1e302276680ca3332194e1bf8cdf93d7e6e3c19c80a6fa27a5841fe 548740 rsync-dbgsym_3.2.7-1+deb12u5_ppc64el.deb
 43df9a825abb492a9de685482f70b1780e03c7f9f3c4ec12ebf165aaf8ed6f83 7098 rsync_3.2.7-1+deb12u5_ppc64el-buildd.buildinfo
 6dbff9f87bf0021bd91ebcde1d2b1a2b5cf720d77424ac3891d8c0905d1d30a0 433892 rsync_3.2.7-1+deb12u5_ppc64el.deb
Files:
 8e4077c9f65fdb82f5e875662f1be1df 548740 debug optional rsync-dbgsym_3.2.7-1+deb12u5_ppc64el.deb
 2004024563c20bf03a63c4121a7ffe66 7098 net optional rsync_3.2.7-1+deb12u5_ppc64el-buildd.buildinfo
 d0e3afa3dde8d2692fe17d5f6b9da3cd 433892 net optional rsync_3.2.7-1+deb12u5_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmoNYvYACgkQDNLUPhbm
g7PwgQ//XbuJHuDcOC7LLmwYCb106QPbL8AY7wmledMsdMSjvGfexvjqXalSh4Xm
+sFDavQnz8tCxs13Hc4y23UbGKUdHpcIzLFA6SStWGf0vddAb/VDvePO5L2o9EuG
PWxs61DWq6TZbds0JkR9WxruJKzkrWGhW1fL6iTY/xLPk5SfBVq+MFmzRhk8oKuq
VaThaJ2/tIDV9bANcxZyyWslBzOpna4k++DS0NJP5m6usLkeEZjRWM/fjd3GXK31
+4/qty903wdHmvkoZZwI0LrWoyvvlrS1XTcG2lV+2YbA14OxPQtiOTxYYmQOkIqq
/dKfbmY8YrtUAhQV3hBjfLsHU2KDp/CIoWM3sUF9wlhjPFBXHf9S4LmCwPOg5Oyb
rifWNyXjJ2RbE8SQs8X7KrV08R/jUrfLZLyW7N/IFpkh3ElGkXKQafw8M4wN09b8
McJIfj6YfblsYxaRGAjwowH4hXgK0knIujYjAgUp7vRbpzUqEVJHLARnwFNv4BAt
X2M0eoUoi8N2ud8fSafkzySLKG9WUlFCNK13Gn8cRThii/ZjP7puaYdRb0E0LJcF
Ql2dhuCks7tQ0EDJGvrFX5OlltNHfwBLGCMAE73t54arT4lmicukub+G9Z+WXpwe
1NPAsOF0zOBXG/hWewnbmYNFdATT8E6JlqaciMlsG86wE7lgCAI=
=TyZL
-----END PGP SIGNATURE-----