Package: lsyncd | Debian Sources

Package: lsyncd / 2.1.5-2

Metadata

Package	Version	Patches format
lsyncd	2.1.5-2	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
fix CVE 2014 8990 shell escapes.patch \| (download)	default-rsyncssh.lua \| 13 10 + 3 - 0 ! 1 file changed, 10 insertions(+), 3 deletions(-)	properly sanitize mv parameters (cve-2014-8990) Sanitize mv arguments: . 1. Fixes crashes on file names containing `, $ or " 2. Also prevents shell execution of ``, $() in file names, which can be used to gain remote shell access as lsyncd's (target) user.
dont_install_lua_as_docs.patch \| (download)	Makefile.am \| 9 0 + 9 - 0 ! 1 file changed, 9 deletions(-)	upstream's makefile.am defines variables to install the example lua scripts as documentation. The Debian package installs these lua scripts as examples so the upstream macros are removed by this patch

Patch

File delta

Description

fix CVE 2014 8990 shell escapes.patch | (download)

default-rsyncssh.lua | 13 10 + 3 - 0 !
1 file changed, 10 insertions(+), 3 deletions(-)

 properly sanitize mv parameters (cve-2014-8990)
 Sanitize mv arguments:
 .
 1. Fixes crashes on file names containing `, $ or "
 2. Also prevents shell execution of ``, $()  in file names, which can be
    used to gain remote shell access as lsyncd's (target) user.

dont_install_lua_as_docs.patch | (download)

Makefile.am | 9 0 + 9 - 0 !
1 file changed, 9 deletions(-)

upstream's makefile.am defines variables to install the example
lua scripts as documentation. The Debian package installs these lua scripts as
examples so the upstream macros are removed by this patch