Overview

File _patchinfo of Package patchinfo.24317

<patchinfo incident="24317">
  <issue tracker="bnc" id="1092500">patch leaks temporary file when applying ed-style patch</issue>
  <issue tracker="bnc" id="1080985">VUL-1: CVE-2018-6952: patch: Double free of memory in pch.c:another_hunk() causes a crash</issue>
  <issue tracker="bnc" id="1142041">VUL-1: CVE-2019-13636: patch: In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.</issue>
  <issue tracker="bnc" id="1198106">quilt push fails to backup some files on failure</issue>
  <issue tracker="cve" id="2019-13636"/>
  <issue tracker="cve" id="2018-6952"/>
  <packager>jdelvare</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for patch</summary>
  <description>This update for patch fixes the following issues:

Security fixes:

- CVE-2019-13636: Fixed mishandled following of symlinks in certain cases other than input files (bsc#1142041).
- CVE-2018-6952: Fixed double free of memory in pch.c:another_hunk() (bsc#1080985).

Bugfixes:

- Pass the correct stat to backup files (bsc#1198106).
- Fix temporary file leak when applying ed-style patches (bsc#1092500).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places