-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 May 2026 20:33:38 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: riscv64
Version: 3.4.1+ds1-5+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: riscv64 Build Daemon (rv-manda-01) <buildd_riscv64-rv-manda-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.4.1+ds1-5+deb13u3) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
Checksums-Sha1:
 dfe4ccff9b36ec9de41c69452c870aba7ce4615d 529916 rsync-dbgsym_3.4.1+ds1-5+deb13u3_riscv64.deb
 9f6e619eef9a4655639f84c0b754dc7136087687 6698 rsync_3.4.1+ds1-5+deb13u3_riscv64-buildd.buildinfo
 531bdfba154d2b61a6681eb9627dad22bde94a95 435024 rsync_3.4.1+ds1-5+deb13u3_riscv64.deb
Checksums-Sha256:
 d495288d9c7e29060058b50d45634f51d4f235f8f317e7e7248600142816a2b9 529916 rsync-dbgsym_3.4.1+ds1-5+deb13u3_riscv64.deb
 c62ba2397c42477c36b7089c62821ab6bbcea1fa9fa2a96554b90434386a84b1 6698 rsync_3.4.1+ds1-5+deb13u3_riscv64-buildd.buildinfo
 75dca8eff7cb37c0925819bb31d3734541c0660e25962fb2d671f4f11e1ea565 435024 rsync_3.4.1+ds1-5+deb13u3_riscv64.deb
Files:
 1025ed473ef840785bff143ca90c8afa 529916 debug optional rsync-dbgsym_3.4.1+ds1-5+deb13u3_riscv64.deb
 e2d938985d8018447872b54b918d9c4d 6698 net optional rsync_3.4.1+ds1-5+deb13u3_riscv64-buildd.buildinfo
 92521d2b3bf777c22329f3e3276f843f 435024 net optional rsync_3.4.1+ds1-5+deb13u3_riscv64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEwN+C+Bc8deN4UliX50ghctvtZFQFAmoM3KYACgkQ50ghctvt
ZFTeCA//ZC3pcUK2mFalNue4BJoB9LovrM1YMsrVRLqTzrlp08y5S7xdNBDcLmHV
XxCnUCDxmiK+1ER/ynBvBPu+ZdeDVinlZ5+ScenD+SmQ4PzM2LeseGtliW4HH0rA
9h8uiadDoVsOJ0UPqTc8da08a9r3NekcbwDSrGPNoxQ8QOcFyZH6BrOMb8Fh9BKp
dOW8865NhdFP/9VnfMVbdL2JFMo4AaTMvQI8CtcEeEL+/UARVx+oBa9GmRkzR0ZZ
xdxqmsT7aUZlNiChwUK5Hei9kVHe2cEMo5Lr4Zhk8WHQbhyXG0zdWyLa7UsSu7gn
hvavJp+5hXIs9+dZ878x+ty3ib8o3HQzSEjMF5U3RsE5uaR6nY5R+ohxhig6Yu6W
IGcUDuIarqw+E6HBvvZMcxcxrSnqm1rXuByZT/87uVe6wo+U9I3DdiWNqTl11ekD
zo9ERnktH5OO6HkMOXKEiTxnfUOUrCWCyY97Ui5PL2ZUfP9aPzf4CxBhzCsTdYPN
bhj8smKU51oiBMVJDUsJmnNr69q5oKh6lmoo/CrFY4auJ8aDZh3DkUdPgkh6RcbE
jwUU5kQ9Sr282vAkCtYBomlSjBKmlP93JtDRrMcMpCt7L6YUNWPUhtvYTXbaL++Z
2ANr8ANaRWYRndDW7Ytq38ms9NJsN4Ruq9GhzOGB6RpQZt5VCxo=
=Cqlx
-----END PGP SIGNATURE-----