Format: 1.8
Date: Mon, 16 Apr 2018 08:33:40 +0100
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.6.1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Chris Lamb <lamby@debian.org>
Description:
 patch - Apply a diff file to an original
Closes: 894993
Changes:
 patch (2.6.1-3+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2018-1000156: Fix an input validation vulnerability where an ed(1)
     script embedded in a patch file could result in arbitrary code execution
     when naively applied with patch(1). This was reported by Rachel Kroll
     <https://rachelbythebay.com/w/2018/04/05/bangpatch/> et al.
     (Closes: #894993)
Checksums-Sha1:
 e29942bb7d1c7a2804d000b0758ea1dbf760d110 1776 patch_2.6.1-3+deb7u1.dsc
 a50deb8cb6daa5e2997e7a9a36adb78980f95332 303692 patch_2.6.1.orig.tar.gz
 c01fda09609afdcbfaa9b9bb03b9601a7be3167a 10869 patch_2.6.1-3+deb7u1.debian.tar.gz
 dcfd5bc273d8449423e5979f0c133829571ab9c0 121454 patch_2.6.1-3+deb7u1_amd64.deb
Checksums-Sha256:
 c3e4af95cb2f6a6645c42cd35933fac3c30532179c5bb938afb981b785abe999 1776 patch_2.6.1-3+deb7u1.dsc
 d1563731e9cffed11cc5f011b2b8e074c325e86a383a91889b5c5b80b09781b9 303692 patch_2.6.1.orig.tar.gz
 ad68e541263a76d03d1e1abdd24a408063d35667e056513922e9f7d22c79599b 10869 patch_2.6.1-3+deb7u1.debian.tar.gz
 8a2fc62ce9ab89653e227997768a0552fcb1a0dc970741303b61053defde770d 121454 patch_2.6.1-3+deb7u1_amd64.deb
Files:
 c1faba7da3f2b69e894b51670bcf95eb 1776 vcs standard patch_2.6.1-3+deb7u1.dsc
 d758eb96d3f75047efc004a720d33daf 303692 vcs standard patch_2.6.1.orig.tar.gz
 1ccf37c5e21dbeb112ef3e9a5c9f66d2 10869 vcs standard patch_2.6.1-3+deb7u1.debian.tar.gz
 331589d8e42ccc1a61b3cc31afdf96b5 121454 vcs standard patch_2.6.1-3+deb7u1_amd64.deb