George Georgalis wrote:
> I've been wondering about this audit-packages message...
> 
> Package rsync-2.6.9 has a remote-user-shell vulnerability, see
> http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091
> 
> seems to be around a while. On the rsync list I found a patch.
> Can someone aply it?
> 
> // George

This was fixed about 6 weeks ago by tron@ and the package was bumped to
2.6.9nb1.  The fix was also pulled up into the stable branch.

adrian.