-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 18 May 2026 20:33:38 +0200
Source: rsync
Binary: rsync rsync-dbgsym
Architecture: ppc64el
Version: 3.4.1+ds1-5+deb13u3
Distribution: trixie-security
Urgency: high
Maintainer: ppc64el Build Daemon (ppc64el-conova-01) <buildd_ppc64el-ppc64el-conova-01@buildd.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Description:
 rsync      - fast, versatile, remote (and local) file-copying tool
Changes:
 rsync (3.4.1+ds1-5+deb13u3) trixie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Address several vulnerabilities
     - CVE-2026-29518: Symlink-race TOCTOU in daemon (use chroot = no)
     - CVE-2026-43617: Authorization bypass via hostname resolution (daemon
       chroot mode)
     - CVE-2026-43618: Integer overflow in compressed-token decoder (info
       disclosure)
     - CVE-2026-43619: Symlink-race conditions in path-based syscalls
     - CVE-2026-43620: Out-of-bounds array read in receiver recv_files()
   * d/t/upstream-tests: Build t_chmod_secure and t_secure_relpath
Checksums-Sha1:
 6b46b68e69aa2f62bf0dccfe139339e82da61b4f 570120 rsync-dbgsym_3.4.1+ds1-5+deb13u3_ppc64el.deb
 b49b7b3d80a6d5e1bd2ed8d777aa75a5e68759f5 6753 rsync_3.4.1+ds1-5+deb13u3_ppc64el-buildd.buildinfo
 c2e6fc6382d99bf671292c488971af4316ec2eb4 442764 rsync_3.4.1+ds1-5+deb13u3_ppc64el.deb
Checksums-Sha256:
 417d38c801851872dfd95ef4d557af822acbd4ca551e10af8f80547e4ebf7354 570120 rsync-dbgsym_3.4.1+ds1-5+deb13u3_ppc64el.deb
 e375ff20bd5ca0e0a7f113e34099a3f41b19d60f289e058ccd76df44a5f12496 6753 rsync_3.4.1+ds1-5+deb13u3_ppc64el-buildd.buildinfo
 3fec74f7f95b3f6c8853eae5fb43aed3d4fb19d789d38634a569f7e75191036b 442764 rsync_3.4.1+ds1-5+deb13u3_ppc64el.deb
Files:
 9ca5f02586edb927e3d3903f3e7f499f 570120 debug optional rsync-dbgsym_3.4.1+ds1-5+deb13u3_ppc64el.deb
 73958be695e5912e2bf003add0f12246 6753 net optional rsync_3.4.1+ds1-5+deb13u3_ppc64el-buildd.buildinfo
 6e6246901f8d2d819bf0cff4406eaa18 442764 net optional rsync_3.4.1+ds1-5+deb13u3_ppc64el.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEDoRc43uRWMOoIqIgDNLUPhbmg7MFAmoM2qEACgkQDNLUPhbm
g7M4Xw/+LOCVpqC8FBtIIjXHOm8iG9CSmslm5EZBSQOT2lCwCa5Zi1d8W0dJuUSk
Z9XuFAz2KqQlwcULcH1nWnEjYkUV+Qr1X6+mZMjKuAoUkLQYhKS4y1YTGgGH/9NF
5ah9zC03vbhIKxd7tN2C8lrjaaBPkzE0w8CEGNINOuzZegp48wS9EXYFbj49RXZa
kDaN+qmWvqbpLQjUgaFS83/w/vOvu6wX/XjPG1GdsuurHisECXqm7MrUfQBoL+DE
pU4VNH6ppN1onQH/F0cIcWRARKmuBDRglhDlyngjhvlHNOnG0/xrg2BHNYyL/T81
1hwDqABAY7B9bcxM9ST/G3RRtAXIqW1QvJjYfgHLcQrUNR5yNpSDIaRdmGyuQ0lg
Dn5tJWDWQambOQTvOjFioaIpVBF5EIndMFBA/A1suHAlOnDKOHhbnjKYEZBio0WJ
k48BVdAyzuOeHKOgatC/ev8qDk1HfHAsrbHxhdCpBVrPuUxdbIYTT7HANsohNSHS
gjDknus3oNYR9VsU5l6h44Gpm8wwVt9AVzo2laU6FoGcNdzfp/KZcS+ybed9lkm7
nWYPZFtI89Jw8zhkbv3CXezsuF0re+l0IFJ+PipabNR4O/PpWrTmQpUbBEtbuYZr
E6MNcbTCwkmYz6olUmVUX3/Mp7YNRUemdC8Mh0vbrSfqFjeu4s0=
=+kWS
-----END PGP SIGNATURE-----