Format: 1.8
Date: Wed, 20 May 2026 08:10:17 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: amd64
Version: 3.2.7-1+deb12u5
Distribution: bookworm-security
Urgency: high
Maintainer: amd64 / i386 Build Daemon (x86-ubc-01)
Changed-By: Salvatore Bonaccorso
Description:
 rsync - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.2.7-1+deb12u5) bookworm-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
   * Fix relative paths in aclocal.m4 copy upstream for m4/{have_type,header_major_fixed,socklen_t}.m4