All,
Issue: From Arctic Wolf.
On January 14, 2025, the CERT Coordination Center (CERT/CC) published a security advisory detailing multiple vulnerabilities impacting Rsync. The most severe vulnerability is CVE-2024-12084, a critical severity heap buffer overflow vulnerability in the Rsync daemon which can lead to out-of-bounds writes in the buffer. If combined with a second high severity vulnerability, CVE-2024-12085, an information leak via uninitialized stack, a client can execute arbitrary code on a device that has Rsync server running.
My understanding is the vulnerability is fixed in rsync 3.4. Any estimate on when rsync 3.4 will be available for download?