Information on source package patch

Available versions

ReleaseVersion
jessie2.7.5-1+deb8u1
jessie (security)2.7.5-1+deb8u3
stretch (security)2.7.5-1+deb9u2
buster (security)2.7.6-3+deb10u1
bullseye2.7.6-6
sid2.7.6-6

Open unimportant issues

BugjessiestretchbusterbullseyesidDescription
CVE-2018-6952vulnerablevulnerablevulnerablevulnerablevulnerableA double free exists in the another_hunk function in pch.c in GNU patc ...
CVE-2018-6951vulnerablevulnerablevulnerablevulnerablevulnerableAn issue was discovered in GNU patch through 2.7.6. There is a segment ...
CVE-2016-10713vulnerablevulnerablefixedfixedfixedAn issue was discovered in GNU patch before 2.7.6. Out-of-bounds acces ...
CVE-2010-4651vulnerablevulnerablevulnerablevulnerablevulnerableDirectory traversal vulnerability in util.c in GNU patch 2.6.1 and ear ...

Resolved issues

BugDescription
TEMP-0776271-06C3A9Infinite loop in patch
CVE-2019-13638GNU patch through 2.7.6 is vulnerable to OS shell command injection th ...
CVE-2019-13636In GNU patch through 2.7.6, the following of symlinks is mishandled in ...
CVE-2018-20969do_ed_script in pch.c in GNU patch through 2.7.6 does not block string ...
CVE-2018-1000156GNU Patch version 2.7.6 contains an input validation vulnerability whe ...
CVE-2015-1416Larry Wall's patch; patch in FreeBSD 10.2-RC1 before 10.2-RC1-p1, 10.2 ...
CVE-2015-1396(another) directory traversal via symlinks -- incomplete fix for CVE-2015-1196
CVE-2015-1395Directory traversal vulnerability in GNU patch versions which support ...
CVE-2015-1196GNU patch 2.7.1 allows remote attackers to write to arbitrary files vi ...
CVE-2014-9637GNU patch 2.7.2 and earlier allows remote attackers to cause a denial ...

Security announcements

DSA / DLADescription
DSA-4489-1patch - security update
DSA-4489-1patch - security update
DLA-1864-1patch - security update
DLA-1856-1patch - security update
DLA-1348-1patch - security update

Search for package or bug name: Reporting problems