[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 1864-1] patch security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : patch
Version        : 2.7.5-1+deb8u3
CVE ID         : CVE-2019-13638


An issue with quoting has been found in patch, a tool to apply a diff file to an original, when invoking ed. In order to avoid this, ed is now directly started instead of calling a shell which starts ed.


For Debian 8 "Jessie", this problem has been fixed in version
2.7.5-1+deb8u3.

We recommend that you upgrade your patch packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEEYgH7/9u94Hgi6ruWlvysDTh7WEcFAl06GOtfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDYy
MDFGQkZGREJCREUwNzgyMkVBQkI5Njk2RkNBQzBEMzg3QjU4NDcACgkQlvysDTh7
WEcmYA//bPNSyNc8hnm65rA8lf6010Lu85oZUPbasF1apmGYUGvgvbMoxVLvcKK7
7ypngSMo3utyZt8zdV56nWW4Z2MPD3LnNWP465+8AMkXHhFBRWAQ0KWxTjENbBn8
52jxJmBytw34brsU6pPVNkgQ25B+DFCEC3DcSSJAoRveZbDBlQdu/6k4ByWppfMO
SUcYytcHCUHQl6zEdMOhY7K/Cb9PkkvjlC8K0HF2fGDF45Nh8Bo1YXBCUZcOhepw
uf6MxjgNYOYACPm6Wo7aUlBz41BbK9UNgmjRhJ0Bj3/ke4N24O7o/HlKdTfzUwNm
X8SLVb0PAHhnbT+Z9tHxWqHPO7R2+QWZZ+2PJPo/F6tNnfZ6zdeLN+16EhajzucT
qa++T7qb1MxHgNNa+hMCp6j0XZat6Z45wIJEBd25c0+P4edsWWwMMMakhPrMqVZu
TO7w3ipfUFjjooH3+mClBSJhq07pgs31xR+PXTGAh4Z8SDPT1cVhkiMEiCpIRvip
lcGI/WfTR+Bm6kktJu6KPSBpyhuVDv25/GjXqVVPDfE0KTD3dxWpbhDsKGoJDuQH
S7Ic8S7dwNabVbKzBmDi984rs/G/Qr8mjdi+6e+XgN6rhzqtk4xAagqIyF0YrHCC
KHbsXedb+jRKQRf5/8cxN64K9L5WFCidqx6ZfbdxGkTERBf8bm0=
=Ruoe
-----END PGP SIGNATURE-----


Reply to: