rsync: Fix of CVE-2026-41035

CVE-2026-41035: fix use-after-free in receivexattr by using tempxattr.count instead of the stale count in qsort...

CLSA-2026-1780062671 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: receiver use-after-free in receivexattr via a wire-supplied xattr count passed to qsort: - debian/patches/els/0007-CVE-2026-41035.patch: sort tempxattr.count stored items instead of the untrusted wire count. - CVE-2026-41035...

CLSA-2026-1780054763 Fix CVE(s): CVE-2026-41035

SECURITY UPDATE: use-after-free in receivexattr - debian/patches/CVE-2026-41035.patch: replace stale local 'count' with tempxattr.count in the qsort call inside receivexattr, so the sort uses the live size of the rebuilt xattr items list; victim must run rsync with -X / --xattrs - CVE-2026-41035...

CLSA-2026-1779154430 rsync: Fix of CVE-2026-41035

CVE-2026-41035: receiver use-after-free in receivexattr via untrusted xattr count passed to qsort...

EUVD-2026-27727

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix reflink preserve cleanup issue commit c06c303832ec "ocfs2: fix xattr array entry countedby error" doesn't handle all cases and the cleanup job for preserved xattr entries still has bug: - the 'last' pointer should be...