-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Nov 2025 21:49:27 -0300 Source: rsync Binary: rsync rsync-dbgsym Architecture: armhf Version: 3.2.7-1+deb12u4 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-conova-01) Changed-By: Matheus Polkorny Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.2.7-1+deb12u4) bookworm; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Checksums-Sha1: 438f66ff57674305ebabfc295ec65b3ee600ed0e 515064 rsync-dbgsym_3.2.7-1+deb12u4_armhf.deb 549c33a25ce46d3cf1d1be4f6c219419ef519911 6917 rsync_3.2.7-1+deb12u4_armhf-buildd.buildinfo 48e211672f9b995314ab02d85dab8d34ea088919 396028 rsync_3.2.7-1+deb12u4_armhf.deb Checksums-Sha256: e4daf065b947aa91b0c03b40bf5465dc3a22da71fe31734acd9e3b529756d0fb 515064 rsync-dbgsym_3.2.7-1+deb12u4_armhf.deb c990da3975088a07789653f8921c2c69d3db603bc1b73f234d1f488d2043c885 6917 rsync_3.2.7-1+deb12u4_armhf-buildd.buildinfo 6b46a6c256a30f1e9b3b76ba288fccfd6f5e06f889defcc2ee3b22e727e8a3e8 396028 rsync_3.2.7-1+deb12u4_armhf.deb Files: 243742da2dc541492c4520c718b5cc34 515064 debug optional rsync-dbgsym_3.2.7-1+deb12u4_armhf.deb 9c8312e97a4a0a7c6b5ceef102f0cbda 6917 net optional rsync_3.2.7-1+deb12u4_armhf-buildd.buildinfo fc05fd703c3915f97357ff80314808cd 396028 net optional rsync_3.2.7-1+deb12u4_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO4qAQUSIo2p/kVRf8U6eOZMpj68FAmlQTY4ACgkQ8U6eOZMp j69tvQ//UAr3IbGyD2QUsPVyQXmagbvHtOYj7vK33OiPcIqVj0sm8hcFEHlrhnKq Nx4ud7MEpS6mx2uiyzENt/h0pyS/nEtYko21mRvAkfOSDUxFhSwJrgU9+uqRtCG/ HSog4ZbgAZkkR6RoxPmG33rB4ZTSw8rHMZJ/ErjCaVg7GyxznjSl42lpX1iUutif 6VnEIiY8XizkLi3iA2KBALHjgaTQ5ep2W54mZ1FnW7cS6WbnAWY1bUfttIfvsmyQ T1v6WoMf4cFDp7phBgdP+DqxiXGBNVCgup1ALMhTcNe9nYsS+doQjuSu8gOzMGgS kanDwUaNDFgyX5B72LzshadBbZ8C4lwibukoFZTBUFxZ2rrtfiL9aKNq9MISw5t/ LUaf6hVSLRkJRy/tPIZdFCzR5adHWpUQYgHYKss+plCJhSU9S5q7bXrKGpMMeizp FdyUCxytoo9rYFaN9yx4xuLAH3Nex47J4qwHNGygvNNuT81OV4D1HGu9CL0nWbWV /NJFx9VE1gWKO2C8nPflKuXJRPMWetjThegZRyhdvoFeSkX8qCe+cgU5iJBuWJvW a6g3HyrjPeIb12DZUL/7TtXNLsKt8S5feUCUZRC/GjoyDfR4ibNGmj0SPCRqAT0I LT9fk0Xn83euQLr4wXAwJ4Nklxbfd/jGMGq/vwXRt3q3tStTbn4= =Nshp -----END PGP SIGNATURE-----