hello,
maybe not everyone notice CVE-2024-12084 and CVE-2024-12085 ultimately allow remote code execution (RCE) and fedora 41 still on rsync <3.4.0 since 4+ days.
there are multiple regression on version 3.4.0 and 3.4.1 which i vote for at FEDORA-2025-ec87287710 — security update for rsync — Fedora Updates System and FEDORA-2025-3ec637e6e9 — security update for rsync — Fedora Updates System.
Now what? still waiting for 3.4.2 ?
Find it interesting that one down vote seems to be enough?!
Disclaimer i’m not a security expert nor maintainer !
I hope this reaches the right people and trust in fedora can be strengthened.