-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Jul 2019 10:58:07 +0000 Source: patch Binary: patch patch-dbgsym Architecture: source amd64 Version: 2.7.6-3+deb10u1 Distribution: buster-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org> Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org> Description: patch - Apply a diff file to an original Closes: 932401 933140 Changes: patch (2.7.6-3+deb10u1) buster-security; urgency=high . * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401). * Fix CVE-2019-13638: shell command injection. * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style patches (closes: #933140). Checksums-Sha1: fe064b7a01a030f43ea2023d854554d7105d66f1 1731 patch_2.7.6-3+deb10u1.dsc 6f64fa75993bdb285ac4ed6eca6c9212725bff91 783756 patch_2.7.6.orig.tar.xz b655c1d92c457da698bb424a49ab9c58028a1162 13164 patch_2.7.6-3+deb10u1.debian.tar.xz 7b9c21b4d8a339fcc7ab051698ea3742a59b0b37 242564 patch-dbgsym_2.7.6-3+deb10u1_amd64.deb 724c7465f5706c74be40a50f574adc9aafde2b4f 5568 patch_2.7.6-3+deb10u1_amd64.buildinfo 97929ff2785aa005003c332f4cb05e635829ec09 126380 patch_2.7.6-3+deb10u1_amd64.deb Checksums-Sha256: dae4e0d25106b2d14d981309395371397091892359b44a919eb08dd841bee13f 1731 patch_2.7.6-3+deb10u1.dsc ac610bda97abe0d9f6b7c963255a11dcb196c25e337c61f94e4778d632f1d8fd 783756 patch_2.7.6.orig.tar.xz 58d4e84bd4ce850152e1d1911546ac0aad9764992570c360cff8f9cf03eb37bc 13164 patch_2.7.6-3+deb10u1.debian.tar.xz 68f025d79a10336e6815e31ebce41980d13ea7a5de71954dd2cc82c2d12f2aaf 242564 patch-dbgsym_2.7.6-3+deb10u1_amd64.deb 5ff16c640a8bdd8e9780c47abaecb95b78e1add6d76853cd65a2e5f523520f3f 5568 patch_2.7.6-3+deb10u1_amd64.buildinfo 01665e698fbec3b06a50e919be5c57ae7dde678da0db14a331174eaca6d4968b 126380 patch_2.7.6-3+deb10u1_amd64.deb Files: 4303327fd4a426c380eb0f1314c37e38 1731 vcs optional patch_2.7.6-3+deb10u1.dsc 78ad9937e4caadcba1526ef1853730d5 783756 vcs optional patch_2.7.6.orig.tar.xz 2ec0af52a035b3c407a077177d5f747f 13164 vcs optional patch_2.7.6-3+deb10u1.debian.tar.xz aa043e27139deaa64fbc3ec3f5669b5d 242564 debug optional patch-dbgsym_2.7.6-3+deb10u1_amd64.deb e25d456e9054e6595bc2e5e8afb3fedb 5568 vcs optional patch_2.7.6-3+deb10u1_amd64.buildinfo 55ae21a868ceb91b4c84727f7acc76de 126380 vcs optional patch_2.7.6-3+deb10u1_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl08Tw4ACgkQ3OMQ54ZM yL/E8g/+Kd46ojUfnzXKkmaQLkECbfdd/uJScB9zV2ZOj7knk31t+KQb7ansBaBh R95wc+yGjiRpe1qPa52wDK8H2VVNPcrt26ETEloZOmDYXMBHrzL1bwxIUfhSs7J0 KT4jZLA3jUcZIBv81vmhyL/FhAsH+0Ba7HYCk3H5jCTdaB6oKuNkFwrhdqeTOkXW Lg11wKbraR/yxYIFil0JV+YIagcH1msvhtWYGNj7LmNazXjoccMaIfEr2da8pm5x M+bEdzALboWdMlqIt7Zlg2zYWaqjedjV7SDSbPBaaRMP8Wot0wIdL2bSTjqTBWDy XwyPtEaH+sM6RXhqZX0bQy93/vKHZtOsQWqcJ6FzBErq1pDqX+iyueGNxxFjPB1A 5ADe2L8q+c+IXYsm29ALHUtlK6r8ZuGHxqIbujnU08NxGJGyOKbKXdBYSqgl1DhZ lnQ5RPAS2f+zqjCViaU/4TJcqBda8bAZ2bQ3zr2s2AM+Rg7+86sOLIHdxuRiVGOL Yu1uuhs8JG/4eU/HZN5LL7w7xgNKrDSyVkpMSBPx/7DZco0d/x51sg044NHVIdzR WiJ8V7Uqf/aHszViHE0VZZ1XM3I0VGXSh5I8VX5V06cWauptG2HtHUqSSt/iez2M BwiKuyQWOYaLT3dPenDy10S6h7RfP0XWSy0A3rYxqeIoXsuz8w4= =zcwZ -----END PGP SIGNATURE-----