Package: lsyncd | Debian Sources

Package: lsyncd / 2.0.7-3+deb7u1

Metadata

Package	Version	Patches format
lsyncd	2.0.7-3+deb7u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
dont_install_lua_as_docs.patch \| (download)	Makefile.am \| 9 0 + 9 - 0 ! 1 file changed, 9 deletions(-)	upstream's makefile.am defines variables to install the example lua scripts as documentation. The Debian package installs these lua scripts as examples so the upstream macros are removed by this patch
fix CVE 2014 8990 shell escapes.patch \| (download)	default-rsyncssh.lua \| 13 10 + 3 - 0 ! 1 file changed, 10 insertions(+), 3 deletions(-)	properly sanitize mv parameters (cve-2014-8990) Sanitize mv arguments: . 1. Fixes crashes on file names containing `, $ or " 2. Also prevents shell execution of ``, $() in file names, which can be used to gain remote shell access as lsyncd's (target) user. This adapted patch is from Sven Schwedas <sven.schwedas@tao.at>

Patch

File delta

Description

dont_install_lua_as_docs.patch | (download)

Makefile.am | 9 0 + 9 - 0 !
1 file changed, 9 deletions(-)

upstream's makefile.am defines variables to install the example
lua scripts as documentation. The Debian package installs these lua scripts as
examples so the upstream macros are removed by this patch

fix CVE 2014 8990 shell escapes.patch | (download)

default-rsyncssh.lua | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 properly sanitize mv parameters (cve-2014-8990)
 Sanitize mv arguments:
 .
 1. Fixes crashes on file names containing `, $ or "
 2. Also prevents shell execution of ``, $()  in file names, which can be
    used to gain remote shell access as lsyncd's (target) user.

 This adapted patch is from Sven Schwedas <sven.schwedas@tao.at>