Skip to content

fix(rsync): CVE-2026-41035 use-after-free in receive_xattr#7

Merged
Zeno-sole merged 2 commits into
masterfrom
fix/CVE-2026-41035
May 13, 2026
Merged

fix(rsync): CVE-2026-41035 use-after-free in receive_xattr#7
Zeno-sole merged 2 commits into
masterfrom
fix/CVE-2026-41035

Conversation

@deepin-ci-robot
Copy link
Copy Markdown
Contributor

@deepin-ci-robot deepin-ci-robot commented May 11, 2026

Fix use-after-free in receive_xattr qsort call.

In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted length value during a qsort call, leading to a receiver use-after-free.

Upstream: RsyncProject/rsync@bb0a811
Generated-By: glm-5.1
Co-Authored-By: hudeng hudeng@deepin.org

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026
edited
Loading

TAG Bot

TAG: 3.4.1+ds1-7deepin1
EXISTED: no
DISTRIBUTION: unstable

@hudeng-go
Copy link
Copy Markdown

hudeng-go commented May 11, 2026

/integrate

@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 11, 2026

AutoIntegrationPr Bot
auto integrate with pr url: deepin-community/Repository-Integration#3979
PrNumber: 3979
PrBranch: auto-integration-25657451019

@deepin-community-ci-bot deepin-community-ci-bot Bot mentioned this pull request May 11, 2026
Open
@deepin-ci-robot
fix(rsync): CVE-2026-41035 use-after-free in receive_xattr
ae2f301 
  * d/p/CVE-2026-41035.patch: Import upstream patch to fix CVE-2026-41035

    In rsync 3.0.1 through 3.4.1, receive_xattr relies on an untrusted
    length value during a qsort call, leading to a receiver use-after-free.
    (Closes: #1134617)

Co-Author: hudeng <hudeng@deepin.org>
@hudeng-go
Copy link
Copy Markdown

hudeng-go commented May 12, 2026

/integrate

@Zeno-sole
Copy link
Copy Markdown
Contributor

Zeno-sole commented May 13, 2026

/integrate

@deepin-ci-robot
Copy link
Copy Markdown
Contributor Author

deepin-ci-robot commented May 13, 2026

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: hudeng-go

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Details Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@Zeno-sole Zeno-sole merged commit 5297022 into master May 13, 2026
8 of 9 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hudeng-go hudeng-go hudeng-go approved these changes

@BLumia BLumia Awaiting requested review from BLumia

@chenchongbiao chenchongbiao Awaiting requested review from chenchongbiao

Assignees

No one assigned

Labels

approved cve generated-by-ai

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@deepin-ci-robot @hudeng-go @Zeno-sole