PublicDate: 2008-04-10 19:05:00 UTC
Candidate: CVE-2008-1720
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720
 http://samba.anu.edu.au/rsync/security.html#s3_0_2
 https://ubuntu.com/security/notices/USN-600-1
Description:
 Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr)
 support enabled, might allow remote attackers to execute arbitrary code via
 unknown vectors.
Ubuntu-Description: 
Notes: 
 jdstrand> 3.0, but code is in patches/acls.diff for feisty-hardy
Bugs: 
Priority: medium
Discovered-by:
Assigned-to: 
CVSS: 

Patches_rsync:
 other: http://rsync.samba.org/ftp/rsync/security/rsync-3.0.1-xattr-alloc.diff
upstream_rsync: needs-triage
dapper_rsync: not-affected
edgy_rsync: not-affected
feisty_rsync: released (2.6.9-3ubuntu1.2)
gutsy_rsync: released (2.6.9-5ubuntu1.1)
hardy_rsync: not-affected (2.6.9-6ubuntu2)
devel_rsync: not-affected (2.6.9-6ubuntu2)