Candidate: CVE-2017-15994
PublicDate: 2017-10-29 06:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15994
Description:
 rsync 3.1.3-development before 2017-10-24 mishandles archaic checksums,
 which makes it easier for remote attackers to bypass intended access
 restrictions. NOTE: the rsync development branch has significant use beyond
 the rsync developers, e.g., the code has been copied for use in various
 GitHub projects.
Ubuntu-Description:
Notes:
 mdeslaur> introduced and fixed during 3.1.3 development period
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_rsync:
 upstream: https://git.samba.org/?p=rsync.git;a=commit;h=7b8a4ecd6ff9cdf4e5d3850ebf822f1e989255b3
 upstream: https://git.samba.org/?p=rsync.git;a=commit;h=c252546ceeb0925eb8a4061315e3ff0a8c55b48b
 upstream: https://git.samba.org/?p=rsync.git;a=commit;h=9a480deec4d20277d8e20bc55515ef0640ca1e55
 upstream: https://git.samba.org/?p=rsync.git;a=commit;h=bc112b0e7feece62ce98708092306639a8a53cce (check)
 upstream: https://git.samba.org/?p=rsync.git;a=commit;h=416e719bea4f5466c8dd2b34cac0059b6ff84ff3 (check)
upstream_rsync: needs-triage
precise/esm_rsync: not-affected (code not present)
trusty_rsync: ignored (reached end-of-life)
trusty/esm_rsync: not-affected (code not present)
xenial_rsync: not-affected (code not present)
esm-infra/xenial_rsync: not-affected (code not present)
zesty_rsync: ignored (reached end-of-life)
artful_rsync: ignored (reached end-of-life)
bionic_rsync: not-affected (code not present)
cosmic_rsync: ignored (reached end-of-life)
disco_rsync: not-affected (3.1.3-6)
devel_rsync: not-affected (3.1.3-6)