Ubuntu Security Notice 5921-1 - Koen van Hove discovered that the rsync client incorrectly validated filenames returned by servers. If a user or automated system were tricked into connecting to a malicious server, a remote attacker could use this issue to write arbitrary files, and possibly escalate privileges.
35d52e9980c3b3b1564055c12ccb518fb324abda65d1fd79b116b82879e48886