-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Nov 2025 21:49:27 -0300 Source: rsync Binary: rsync rsync-dbgsym Architecture: i386 Version: 3.2.7-1+deb12u4 Distribution: bookworm Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-conova-02) Changed-By: Matheus Polkorny Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.2.7-1+deb12u4) bookworm; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Checksums-Sha1: ccc571db75267e412aa8b50c6e1858d7ed5a0e17 459812 rsync-dbgsym_3.2.7-1+deb12u4_i386.deb 2af546f0a8333274610fed391448c4b73a393efb 6998 rsync_3.2.7-1+deb12u4_i386-buildd.buildinfo b99bffb7bbe1b93c4aabfd0b42f96283e3f0be5a 427636 rsync_3.2.7-1+deb12u4_i386.deb Checksums-Sha256: 2d72b5d9d0cd1cf85e5c8b5d0dfab62825c8db3c6bb0cc4edad311b160537483 459812 rsync-dbgsym_3.2.7-1+deb12u4_i386.deb 20edf31ec1cc6436434d97a3e24921f5a95d0d097bea2300b77ee3b03d106a63 6998 rsync_3.2.7-1+deb12u4_i386-buildd.buildinfo 264f8cbf1c194282ffc1bc296ec1473a15f174681246b8dd1d6715262caf0344 427636 rsync_3.2.7-1+deb12u4_i386.deb Files: ab93adc346fa47aa7dbd8837be3900a7 459812 debug optional rsync-dbgsym_3.2.7-1+deb12u4_i386.deb b46f95c8c18c5f1069eb2091786fdcd5 6998 net optional rsync_3.2.7-1+deb12u4_i386-buildd.buildinfo 9294d85ac37ded2b3c0478209e2182aa 427636 net optional rsync_3.2.7-1+deb12u4_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEErwLLVsiCiGZggzpHJuP6X4A0XeIFAmlQTcEACgkQJuP6X4A0 XeLZgA/+IIn4NHwyw6KjfU85fSA8pVg9qXBx63ECijVNyedhesXj692IXbtzHRSU lgKM5zkBipRLWdpfejKK1t+5Ctc2T19DUp0WMDcsjX11YX33iajnL+mQMGkjJQX5 ozm86Mal2WUs6xecEze1IyRq03QDauvPpBXuSQtHGYqR7uBM+wxN6jr3uI2iiZsJ 2kmhY2a/AEjaDZgyX8d+hB/i/S+pKwOfivVt71A+K1MqqyudwLVqtj0+B3okhtkd p0z3ZMNO+wp79T/Fe6failER4M9u0VgcOKqwQKH6dYZ90GUHqSfCH3K4rikjvxFf lKhWCGbb08w5RFi9MjGvoxhvXgKAGaPsF99WD1PQBAnXZ4JJBHcq6WzzfdWOwHzS BNp2kQ2CWp2aTwZ/4td/oWY/yfHvd1zC7AEoqDQYqV7lJl6Dc+oUWxBUO5M+keQY sB/+kKhwZHe23kyHaDX4yvikgf6fktEsPt6EfYaA0C/wKNBj//0xtvhTFdTj+ptX 9NXtxIqZRkBym85GcfJ5wcMxQJ/hY+hcrdU/DLbaO2NS6Jb7i3iiTWxJZEi4uCGJ Mhs5NoWZSCBUOf4Dze/j9Q2griUGKemA5inBOBeRcJTnO6bpT5rBKSqmiio1Mc7D eFTpPNcxYiyZSxzFBUnHCkgSV1bPllqKdFtiVeeBRSVdPC8uwLA= =VLrD -----END PGP SIGNATURE-----