UbuntuUpdates.org

Package "patch"

Name: patch

Description:

Apply a diff file to an original

Latest version: 2.7.6-2ubuntu1.1
Release: bionic (18.04)
Level: updates
Repository: main
Homepage: http://savannah.gnu.org/projects/patch/

Links


Download "patch"


Other versions of "patch" in Bionic

Repository Area Version
base main 2.7.6-2ubuntu1
security main 2.7.6-2ubuntu1.1

Changelog

Version: 2.7.6-2ubuntu1.1 2019-07-24 16:06:37 UTC

  patch (2.7.6-2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 23 Jul 2019 09:12:54 -0300

CVE-2019-13636 In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2019-13638 shell command injection



About   -   Send Feedback to @ubuntu_updates