Publishing details

Changelog

patch (2.7.6-2ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 23 Jul 2019 09:12:54 -0300

Available diffs

Builds

Built packages

Package files