-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Nov 2025 21:29:04 -0300 Source: rsync Binary: rsync rsync-dbgsym Architecture: amd64 Version: 3.4.1+ds1-5+deb13u1 Distribution: trixie Urgency: medium Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Matheus Polkorny Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.4.1+ds1-5+deb13u1) trixie; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Checksums-Sha1: d61237465ecea43d2d7478b768bf988f4720339d 534824 rsync-dbgsym_3.4.1+ds1-5+deb13u1_amd64.deb 20a84bc795d543295bb6641fbbbbe7e6b9672d03 6664 rsync_3.4.1+ds1-5+deb13u1_amd64-buildd.buildinfo 2ec4a925a127414ae31a8939dc7956a0651b1362 428556 rsync_3.4.1+ds1-5+deb13u1_amd64.deb Checksums-Sha256: 0d3b01d2b070bed41d64ed256d653edd18edce58cb89d7f57dd8fbc44cd38373 534824 rsync-dbgsym_3.4.1+ds1-5+deb13u1_amd64.deb 93ecd591460e6d0de4fb5f98ec23adf85250186e1c285b7448ddbd15e191f90a 6664 rsync_3.4.1+ds1-5+deb13u1_amd64-buildd.buildinfo 5fa05a5af32de74f7bde792945b0c6496c726e4786ef6b0e3c460c17ef0b3b23 428556 rsync_3.4.1+ds1-5+deb13u1_amd64.deb Files: 02f249f758105a916a4329f993c88166 534824 debug optional rsync-dbgsym_3.4.1+ds1-5+deb13u1_amd64.deb d96b4ac015bc11e7457afdad2bcf8eda 6664 net optional rsync_3.4.1+ds1-5+deb13u1_amd64-buildd.buildinfo 872bb985beada2e712f02908ec30f2d3 428556 net optional rsync_3.4.1+ds1-5+deb13u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEHqtYLkdKRyCY94K8fUw6/tXbAmMFAmlJr0gACgkQfUw6/tXb AmPYahAAlRv4BvAfxw0+bjq0+ITuWfxu2dcmeYwU1pU3AMTSuqwWhFAtCBfuZxTI m2yQmrJPyksoL5XcQfQqUgEQM6OfnU/DInjWFik90Yb0hZ0ggt74jGyOFgH/EKNE fx0lXBpQcBf2nBFTsFlFdV7Zb3g/EObZavtvq967hc/WeWLJovYztCHRIC+ViJre ThOe2yhEBneMfbmV2MnHrN3dS9hREvxk/3quGAIAdDkQ+g+t1aNrDRzRpG3W78FZ 1bGVVuMrXm2lA1OszCGxqO5LheKHmc1IARGEnBLNudnp+UxFWh7efMICWwcfBMcm krvJ/M36KemcFBprZGzDSVnjbnuTMZKcbeh5Xdo49fE0F23pTbzXs4/MNWlxPWjf 8pB3w+xNf1d9qfTrsoY3mA69w1lHpjwgIR1zX2P0tn65Pp6BcpCIZewsVHn5VEdQ gYPleWtROjprek8p96GOr1Dp9l13MaYO3hozlWCSytRRpry4fWb6Aq+kyu5TT7Tm jsNnbk3YJjcWpGz9waTyeWK35wRt8YLTGC72FdSaPdET1gZiClVxt39sNrkQGeXD NWEEu+6mAUXxKxx69OTZ9OLKR5SCzFActh0rU1bDWRnUUfUg1vPqvC8DE5pXsEhV u/zbgPRy8aKN0Ho6t6rMX3X/wSHtlkPnjyebrz3bPsL0YwK9KvM= =8hPp -----END PGP SIGNATURE-----