| Release | Version |
|---|---|
| bullseye | 2.7.6-7 |
| bookworm | 2.7.6-7 |
| trixie | 2.8-2 |
| forky | 2.8-2 |
| sid | 2.8-2 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2026-56289 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU patch is vulnerable to a denial of service (DoS) due to improper v ... |
| CVE-2026-56288 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | GNU patch is vulnerable to a NULL pointer dereference when processing ... |
| CVE-2021-45261 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An Invalid Pointer vulnerability exists in GNU patch 2.7 via the anoth ... |
| CVE-2018-6952 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | A double free exists in the another_hunk function in pch.c in GNU patc ... |
| CVE-2018-6951 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | An issue was discovered in GNU patch through 2.7.6. There is a segment ... |
| CVE-2010-4651 | vulnerable | vulnerable | vulnerable | vulnerable | vulnerable | Directory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ... |
| Bug | Description |
|---|---|
| TEMP-0776271-06C3A9 | Infinite loop in patch |
| CVE-2019-20633 | GNU patch through 2.7.6 contains a free(p_line[p_end]) Double Free vul ... |
| CVE-2019-13638 | GNU patch through 2.7.6 is vulnerable to OS shell command injection th ... |
| CVE-2019-13636 | In GNU patch through 2.7.6, the following of symlinks is mishandled in ... |
| CVE-2018-1000156 | GNU Patch version 2.7.6 contains an input validation vulnerability whe ... |
| CVE-2018-20969 | do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ... |
| CVE-2016-10713 | An issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ... |
| CVE-2015-1416 | Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ... |
| CVE-2015-1396 | A Directory Traversal vulnerability exists in the GNU patch before 2.7 ... |
| CVE-2015-1395 | Directory traversal vulnerability in GNU patch versions which support ... |
| CVE-2015-1196 | GNU patch 2.7.1 allows remote attackers to write to arbitrary files vi ... |
| CVE-2014-9637 | GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ... |
| DSA / DLA | Description |
|---|---|
| DSA-4489-1 | patch - security update |
| DLA-1864-1 | patch - security update |
| DLA-1856-1 | patch - security update |
| DLA-1348-1 | patch - security update |