Package "patch"
Name: patch
Description: Apply a diff file to an original
Latest version: 2.7.1-4ubuntu2.4
Release: trusty (14.04)
Level: security
Repository: main
Changelog
patch (2.7.1-4ubuntu2.4) trusty-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - debian/patches/0001-Fix-ed-style-test-failure.patch:
    - CVE-2018-1000156
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-6951.patch: fix in src/pch.c.
    - CVE-2018-6951

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 09 Apr 2018 11:14:01 -0300
CVE-2016-10713: An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input

patch (2.7.1-4ubuntu2.3) trusty-security; urgency=medium

  * SECURITY UPDATE: Denial of service via crafted patch
    - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory
      allocation failures
    - CVE-2014-9637
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point
      outside of the current directory
    - CVE-2015-1196
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames
      during a rename or copy
    - CVE-2015-1395
  * SECURITY UPDATE: Directory traversal via crafted patch
    - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point
      outside of the current directory. This patch corrects the incomplete fix
      for CVE-2015-1196.
    - CVE-2015-1396
  * debian/control: Add automake1.11 as a build-depends since some of the
    patches adjust Makefile.am files

 -- Tyler Hicks <email address hidden> Mon, 22 Jun 2015 14:33:17 -0500

CVE-2014-9637: With a specific file, patch goes to infinite loop and eats all CPU time
CVE-2015-1196: GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.
CVE-2015-1395: directory traversal via file rename
CVE-2015-1396: (another) directory traversal via symlinks -- incomplete fix for CVE-2015-1196