mirror of
https://git.yoctoproject.org/poky
synced 2026-05-09 17:39:31 +00:00
652e8fc3b9
CVE-2025-10158: A malicious client acting as the receiver of an rsync file transfer can trigger an out of bounds read of a heap based buffer, via a negative array index. The malicious rsync client requires at least read access to the remote rsync module in order to trigger the issue.

Reference: [https://nvd.nist.gov/vuln/detail/CVE-2025-10158]

Upstream patch: [https://github.com/RsyncProject/rsync/commit/797e17fc4a6f15e3b1756538a9f812b63942686f]

(From OE-Core rev: fe4bea86b27551edbe7440ff47041b6d45b2f4e1)

Signed-off-by: Liyin Zhang <liyin.zhang.cn@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>