Format: 1.8 Date: Thu, 11 Jun 2015 20:27:28 -0500 Source: patch Binary: patch Architecture: amd64 Version: 2.7.1-4ubuntu2.1 Distribution: trusty Urgency: medium Maintainer: Ubuntu/amd64 Build Daemon Changed-By: Tyler Hicks Description: patch - Apply a diff file to an original Changes: patch (2.7.1-4ubuntu2.1) trusty-security; urgency=medium . * SECURITY UPDATE: Denial of service via crafted patch - debian/patches/CVE-2014-9637.patch: Detect and exit upon memory allocation failures - CVE-2014-9637 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1196.patch: Don't allow symlink targets to point outside of the current directory - CVE-2015-1196 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1395.patch: Check the validity of both filenames during a rename or copy - CVE-2015-1395 * SECURITY UPDATE: Directory traversal via crafted patch - debian/patches/CVE-2015-1396.patch: Don't allow symlink targets to point outside of the current directory. This patch corrects the incomplete fix for CVE-2015-1196. - CVE-2015-1396 * debian/control: Add automake1.11 as a build-depends since some of the patches adjust Makefile.am files Checksums-Sha1: d1f8c193576681c94c3fb2e58a29e7877ffffac3 86428 patch_2.7.1-4ubuntu2.1_amd64.deb d6aa460fdca02a1d597cc1c48ce71b06b96aa6d1 133876 patch-dbgsym_2.7.1-4ubuntu2.1_amd64.ddeb Checksums-Sha256: 8961a9ee5857fa08574a2321485762807529e1c5874f5f66c0e4046cafa7a498 86428 patch_2.7.1-4ubuntu2.1_amd64.deb 669fa01b20703b7811a5c3984d0849728ece705647c0d0cc0d0492a880871fd8 133876 patch-dbgsym_2.7.1-4ubuntu2.1_amd64.ddeb Files: 325a21799b83a7e34aeac048aec5847b 86428 vcs standard patch_2.7.1-4ubuntu2.1_amd64.deb 9a9960e86ca60323caaa00272445476e 133876 vcs extra patch-dbgsym_2.7.1-4ubuntu2.1_amd64.ddeb Original-Maintainer: Laszlo Boszormenyi (GCS)