[ MDVSA-2015:204 ] librsync

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:204
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : librsync
 Date    : April 27, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated librsync packages fix a security vulnerability:
 
 librsync before 1.0.0 used a truncated MD4 strong check sum to match
 blocks. However, MD4 is not cryptographically strong. It's possible
 that an attacker who can control the contents of one part of a file
 could use it to control other regions of the file, if it's transferred
 using librsync/rdiff (CVE-2014-8242).
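
 The block-matching failure described above, as an added example that is not part of the advisory or of librsync's code. It assumes a simplified rdiff-style signature/delta/patch with no rolling checksum, BLAKE2b as a stand-in hash, and a 2-byte truncation chosen so that a collision is found quickly; all names and sample blocks are constructed.

```python
import hashlib

BLOCK = 16      # constructed block size for this demo
SHORT = 2       # strong sum cut to 2 bytes so a collision turns up quickly
FULL = 32       # untruncated digest

def strong_sum(block, length):
    # Assumption: BLAKE2b stands in for the strong hash; only truncation is modelled.
    return hashlib.blake2b(block, digest_size=32).digest()[:length]

def signature(old, length):
    """Receiver: map each old block's strong sum to its block index."""
    return {strong_sum(old[i:i + BLOCK], length): i // BLOCK
            for i in range(0, len(old), BLOCK)}

def delta(new, sig, length):
    """Sender: 'copy' when the sum matches an old block, else send a literal."""
    ops = []
    for i in range(0, len(new), BLOCK):
        blk = new[i:i + BLOCK]
        idx = sig.get(strong_sum(blk, length))
        ops.append(("literal", blk) if idx is None else ("copy", idx))
    return ops

def patch(old, ops):
    """Receiver: rebuild the new file from old blocks and literals."""
    return b"".join(old[v * BLOCK:(v + 1) * BLOCK] if kind == "copy" else v
                    for kind, v in ops)

def find_colliding_blocks(length):
    """Birthday search over constructed counter blocks for equal truncated sums."""
    seen = {}
    n = 0
    while True:
        blk = b"blk-%012d" % n          # exactly BLOCK bytes
        s = strong_sum(blk, length)
        if s in seen:
            return seen[s], blk
        seen[s] = blk
        n += 1

def roundtrip_ok(length):
    """True if patch(old, delta) reproduces the new file exactly."""
    a, b = find_colliding_blocks(SHORT)
    tail = b"unchanged-block!"          # constructed, BLOCK bytes
    old, new = a + tail, b + tail
    return patch(old, delta(new, signature(old, length), length)) == new

if __name__ == "__main__":
    print("2-byte sum :", roundtrip_ok(SHORT))
    print("32-byte sum:", roundtrip_ok(FULL))
```

 With the truncated sum the receiver rebuilds the first block from the wrong old data without any error; with the full-length digest the differing block is sent as a literal and the round trip is exact.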
 
 The change to fix this is not backward compatible with older versions
 of librsync. Backward compatibility can be obtained using the new
 rdiff si
