-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 27 Nov 2025 21:49:27 -0300 Source: rsync Binary: rsync rsync-dbgsym Architecture: arm64 Version: 3.2.7-1+deb12u4 Distribution: bookworm Urgency: medium Maintainer: arm Build Daemon (arm-ubc-01) Changed-By: Matheus Polkorny Description: rsync - fast, versatile, remote (and local) file-copying tool Changes: rsync (3.2.7-1+deb12u4) bookworm; urgency=medium . * Team upload. * d/p/CVE-2025-10158.patch: Import upstream patch to fix CVE-2025-10158 . A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. Checksums-Sha1: 21c0040b6273b32a0f50cb5b3aabe97380364bef 514900 rsync-dbgsym_3.2.7-1+deb12u4_arm64.deb a54816393e304cc7cc8eac18edb8f9e1cac988fc 7073 rsync_3.2.7-1+deb12u4_arm64-buildd.buildinfo 065146fcb7c0cf1098f7d84af6eaa88936ffa7e7 400512 rsync_3.2.7-1+deb12u4_arm64.deb Checksums-Sha256: c0811102403fd938d0c531fbe02d527dee817f2509f0e34f2853a4134ff6ccce 514900 rsync-dbgsym_3.2.7-1+deb12u4_arm64.deb 2c873c8cd69f58716dbf9753d78df271e919c1aa45c3566d58aa2f535c3342f1 7073 rsync_3.2.7-1+deb12u4_arm64-buildd.buildinfo c56b6388da4c38487ed0f3942b9acce8771172e81fb6ddc11aaea16df85ee1d4 400512 rsync_3.2.7-1+deb12u4_arm64.deb Files: 35e0e02a35ec8f4efbd3a235eb49c80c 514900 debug optional rsync-dbgsym_3.2.7-1+deb12u4_arm64.deb 983242c1ad75c6d45e96258bbc7ac47c 7073 net optional rsync_3.2.7-1+deb12u4_arm64-buildd.buildinfo 30ddad7c14756c036cd486a10f8306c7 400512 net optional rsync_3.2.7-1+deb12u4_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEq41qkgEcGaML+/CnCr/D/stJkDwFAmlQTZQACgkQCr/D/stJ kDxGlg/+NI63J5OxJ9TdcxblnXA9h/3XebmmIH5DI3q4N4kWKe182U6oNXDncWKb 7XLrNKdifpgmC8GCFot3LD3E34f8JZ36RPhxJoVKkQzk8/E8j5BOpTerZjtwZU/1 +l4vPg71+ubBz5Mb+Ru6ctFKHan01rfcrimn/kSuAb9m5XeAo32YOevTj9eJ0uN7 jnlNJw9tMdh/IUmPf4r71ragLydJE/RNUaeX19pZd/u5amCGFpcjiwLhUgjE/zch +9K5v3AuugTb9gbdz+lQGcILn1kjokaRt9iXK48Ux0FioLxxCITRKFy0PDHoAj6r 6YhNMWo7pwkAd0lKLCLToHRHzgCDskm229Mbsg/zkn0D9aG7IlSTr81G31ORtb2J 0pCtOaUTcxs8UwgTJugV83hx0tG2l8Hpm0znV/yT+Ai7KAeBLy4Xgvy5TxsLMqIf mOtvH+JhKVqrh7OqBbcObusC6ae1mWMtZjcWI4PMD/1DjAYf5xcPbU0Rs9wtxSGt +Rj75GCVTYpbTySpB6Q1Q/3DV8uAkXK9q5ZzOKJX03H8EmN9ZXUdjwlv9STrtKxA 7lRFfmUgHH+cBiYzLYMlkgye2qEok4pMZGuYdx9xmuvS+vX5+VZTHRo6Q6tDkaD1 wRazlIuuTxIa4SAciDj+bxq8P8C+zgjWJ044H5kZcFFnmTvpePE= =l7iS -----END PGP SIGNATURE-----