UbuntuUpdates.org

Package "patch"

Name: patch

Description:

Apply a diff file to an original
Latest version: 2.6.1-3ubuntu0.2
Release: precise (12.04)
Level: updates
Repository: main

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "patch"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "patch" in Precise

Repository Area Version
base main 2.6.1-3
security main 2.6.1-3ubuntu0.2

Changelog

Version: 2.6.1-3ubuntu0.2 2021-05-03 16:06:19 UTC

  patch (2.6.1-3ubuntu0.2) precise-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - CVE-2018-1000156

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 16 Apr 2018 09:34:21 -0300
Source diff to previous version
CVE-2016-10713 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input
CVE-2018-1000156 GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed)

Version: 2.6.1-3ubuntu0.1 2015-06-23 01:06:13 UTC

  patch (2.6.1-3ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2010-4651.patch: Restrict file creation to the
      current directory and its subdirectories
    - CVE-2010-4651
  * SECURITY UPDATE: Denial of service via crafted patch
    - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
      allocation failures
    - CVE-2014-9637

 -- Tyler Hicks <email address hidden> Thu, 11 Jun 2015 20:33:29 -0500
CVE-2010-4651 Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier allows user-assisted remote attackers to create or overwrite arbitrary fil
CVE-2014-9637 With a specific file, patch goes to infinite loop and eats all CPU time


About   -   Send Feedback to @ubuntu_updates