-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Nov 2025 21:49:27 -0300 Source: rsync Binary: rsync rsync-dbgsym Architecture: amd64 Version: 3.2.7-1+deb12u4 Distribution: bookworm Urgency: medium Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Matheus Polkorny Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.2.7-1+deb12u4) bookworm; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Checksums-Sha1: 98ac2ce5291eeecea6e7fc2631dfff0e8587a52d 518928 rsync-dbgsym_3.2.7-1+deb12u4_amd64.deb bc906d2961494c270fba881aa95a9ee44bdc3365 7074 rsync_3.2.7-1+deb12u4_amd64-buildd.buildinfo 9589dd6ca4c67696ff6efc356794871ff93686cb 419256 rsync_3.2.7-1+deb12u4_amd64.deb Checksums-Sha256: bbffa1d32d4e7781a32ff81a7f37260895ac9e056c0be52d29a31af12905147f 518928 rsync-dbgsym_3.2.7-1+deb12u4_amd64.deb f3c8c60bdef831c5015230e9e2e45d8ba2f089257f5ba1493223659e88a85eb8 7074 rsync_3.2.7-1+deb12u4_amd64-buildd.buildinfo 1a79989697192d04b2f52201c8fd22a7ee0fafea4b606bd05a5f66e291a4347d 419256 rsync_3.2.7-1+deb12u4_amd64.deb Files: 7990baa560c1ec8ddc073262c28e2389 518928 debug optional rsync-dbgsym_3.2.7-1+deb12u4_amd64.deb 69041a1590ca6ba98c3f1ecffe71eace 7074 net optional rsync_3.2.7-1+deb12u4_amd64-buildd.buildinfo 89320968f6982097950b2cbe394f747d 419256 net optional rsync_3.2.7-1+deb12u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmlQTWMACgkQEbCLukZn 24pCJw/+Mi0QPq1cCyZbmRfJoxm8y6iCe9+q7hylAiAiHVuSS70zsADdORVuU7x5 ye2TfaKQglnXflze2BQocPdakc2ZAqHmayp0+8bRWMYsF/qmlSipo/B6Sayd/PtE /qV/C8T2T51L5/a9XfrPlBhNhkq9WQ2TtnpJ82nOj8HR45A/m66Ey/W8xBgxGtVN YMSn8sxtYqdF4qw7eIP8owf+dlxwxmHrAPaCqlv5R9lXq0B6d/wq+Qh9lt9iiDpy nJA3HJIEsFKYKVOdYyEk61XRmFxIqi0b+RODjypqCmv0LfZP6/LuuRXY0OtDE/tW OtyyhosmSN8hFPyjv3MJ+JSiMBQfUT14QaDnuRCRhAg8nA5dKWRcajNNgJytMkeU W413QAZFbPk+zNflUByUOOqYL28ViOzgt5AMz3dST4WCgt/EI8I3TPQqzPLo6ltq hSG514jDaN9wymXbvYYC+ob3qnnE1gVlhvU4W/3IERrD9cstiFvMy75jAOf7vYgt 57YFFPjwZ9Pv4ydc8lviGj9opMhNSTKA9TI0xXk1RQFZU6fhuP+/pQ8hWSp7cUSu oWMtCBR1E7a2Uk4kDyOgUsqV8q3OE+Y1g5jxXAlANKWHhw62WpOBZf1L2jmVWsjE Zp2b1TSHgM5H6Rqgdud4AFdcWbRJd65id3qYykzaPXpHOcEXOBk= =HTXL -----END PGP SIGNATURE-----