CVE-2019-15522

An issue was discovered in LINBIT csync2 through 2.0. csyncdaemonsession in daemon.c neglects to force a failure of a hello command when the configuration requires use of SSL.

References

Affected packages

Debian:11 / csync2

Package

Name: csync2
Purl: pkg:deb/debian/csync2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0-25-gc0faaf9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / csync2

Package

Name: csync2
Purl: pkg:deb/debian/csync2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0-25-gc0faaf9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / csync2

Package

Name: csync2
Purl: pkg:deb/debian/csync2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.0-25-gc0faaf9-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/linbit/csync2

Affected ranges

Type: GIT
Repo: https://github.com/linbit/csync2
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

416f1de878ef97e27e27508914f7ba8599a0be22

Fixed

416f1de878ef97e27e27508914f7ba8599a0be22

Affected versions

csync2-2.*

csync2-2.0