kumquat-buildroot/package/patch
Fabrice Fontaine 77d2c77d29 package/patch: annotate CVE-2019-13638
GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed
style diff payload with shell metacharacters. The ed editor does not
need to be present on the vulnerable system. This is different from
CVE-2018-1000156.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-03-03 22:39:09 +01:00
..
0001-Fix-segfault-with-mangled-rename-patch.patch
0002-Allow-input-files-to-be-missing-for-ed-style-patches.patch
0003-Fix-arbitrary-command-execution-in-ed-style-patches-.patch
0004-Invoke-ed-directly-instead-of-using-the-shell.patch package/patch: fix CVE-2018-20969 2020-03-03 22:39:09 +01:00
0005-Don-t-follow-symlinks-unless--follow-symlinks-is-given.patch package/patch: fix CVE-2019-13636 2020-03-03 22:39:09 +01:00
Config.in
patch.hash
patch.mk package/patch: annotate CVE-2019-13638 2020-03-03 22:39:09 +01:00