UbuntuUpdates.org

Package "patch"

Name: patch

Description: Apply a diff file to an original

Latest version: 2.7.5-1ubuntu0.16.04.2
Release: xenial (16.04)
Level: security
Repository: main
Homepage: http://savannah.gnu.org/projects/patch/

Other versions of "patch" in Xenial

Repository Area Version
base main 2.7.5-1
updates main 2.7.5-1ubuntu0.16.04.2

Changelog

Version: 2.7.5-1ubuntu0.16.04.2 2019-07-24 15:06:34 UTC

  patch (2.7.5-1ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 23 Jul 2019 09:17:32 -0300

CVE-2019-13636 In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.
CVE-2019-13638 shell command injection

Version: 2.7.5-1ubuntu0.16.04.1 2018-04-10 18:06:42 UTC

  patch (2.7.5-1ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - debian/patches/0001-Fix-ed-style-test-failure.patch:
      fix test.
    - CVE-2018-1000156
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-6951.patch: fix in src/pch.c.
    - CVE-2018-6951
  * Adds dh_autoreconf to assure it will use the right automake, also adding
    dh_autoreconf as build-depend.

 -- <email address hidden> (Leonidas S. Barbosa) Mon, 09 Apr 2018 12:16:54 -0300

CVE-2016-10713 An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input