patch 2.7.6-3ubuntu0.1 source package in Ubuntu


patch (2.7.6-3ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

 -- <email address hidden> (Leonidas S. Barbosa)  Tue, 23 Jul 2019 09:08:11 -0300

Upload details

Uploaded by:
Leonidas S. Barbosa on 2019-07-23
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section
Disco updates on 2019-07-24 main utils
Disco security on 2019-07-24 main utils


File Size SHA-256 Checksum
patch_2.7.6.orig.tar.xz 765.4 KiB ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd
patch_2.7.6-3ubuntu0.1.debian.tar.xz 11.8 KiB 0a06c87bf05288db78bc6187c543c04567e17e8e0dd37a9a544112086595edfd
patch_2.7.6-3ubuntu0.1.dsc 1.8 KiB fb28806bd49fa80df6093e53d5b5d04bc91b62eec54fca80eefb18d45bc5f854

View changes file

Binary packages built by this source

patch: Apply a diff file to an original

 Patch will take a patch file containing any of the four forms
 of difference listing produced by the diff program and apply
 those differences to an original file, producing a patched

patch-dbgsym: debug symbols for patch