David Rhodus noted that rsync is now at version 2.5.7 because of a remotely-exploitable heap overflow. Anyone running a rsync mirror, especially of DragonFly, should update. This is in part the exploit that damaged a Gentoo mirror and a GNU server.