-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 26 Jul 2019 10:58:06 +0000 Source: patch Binary: patch Architecture: source amd64 Version: 2.7.5-1+deb9u2 Distribution: stretch-security Urgency: high Maintainer: Laszlo Boszormenyi (GCS) Changed-By: Laszlo Boszormenyi (GCS) Description: patch - Apply a diff file to an original Closes: 932401 933140 Changes: patch (2.7.5-1+deb9u2) stretch-security; urgency=high . * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401). * Fix CVE-2019-13638: shell command injection. * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style patches (closes: #933140). Checksums-Sha1: 780d06fb5b039ea0008c26bc6cf74f0b9ff3ba1f 1840 patch_2.7.5-1+deb9u2.dsc 4a5a98c6bed0e59d4eb65f93753d5b3610b7dd04 13036 patch_2.7.5-1+deb9u2.debian.tar.xz f99e4ef2e9c893f124b1c0ce283f15b1bea8aaa6 169442 patch-dbgsym_2.7.5-1+deb9u2_amd64.deb 96660f89c43c1078d3c3686cc36c27257204295b 6353 patch_2.7.5-1+deb9u2_amd64.buildinfo cc171370eeb476c078548f7cea7c08d417ebaff4 111794 patch_2.7.5-1+deb9u2_amd64.deb Checksums-Sha256: 3e6b3452b6a658b5762b198a94f1ac5af6bb687f90e5749a7f5af12364ffa269 1840 patch_2.7.5-1+deb9u2.dsc c094ca6eabeb6c7fe3ea964bd242a2f018c5e2ce5b82cc4e977b37e214109c6e 13036 patch_2.7.5-1+deb9u2.debian.tar.xz 4f3c47adbee6e2f0d9c4c5f3eb2ccc9218be7ea20c4a9989e7758293e6a2d28b 169442 patch-dbgsym_2.7.5-1+deb9u2_amd64.deb 4c5aeb7c9c8d0d1a33a861ef9a17242861d1c290ca0750691ec41723d7c3f7b2 6353 patch_2.7.5-1+deb9u2_amd64.buildinfo 62d885ef16e7a39813ba1736d6e8100d2d4e4d8334f170cce060683733a0be26 111794 patch_2.7.5-1+deb9u2_amd64.deb Files: 7e2af2d4fa2b8cce890ef6c264743cad 1840 vcs standard patch_2.7.5-1+deb9u2.dsc c0e5dff4659705a0317a88541d7d3365 13036 vcs standard patch_2.7.5-1+deb9u2.debian.tar.xz 933bf2b40d706001f9e6eba68b34bc42 169442 debug extra patch-dbgsym_2.7.5-1+deb9u2_amd64.deb ccf2214769b348d4c4fd5369ebbe2445 6353 vcs standard patch_2.7.5-1+deb9u2_amd64.buildinfo 26fcb68f4e81fea87d664dc95fef7b0e 111794 vcs standard patch_2.7.5-1+deb9u2_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAl08Tu8ACgkQ3OMQ54ZM yL+QCw//VhUKDkHiQejWYYO2aOq0D5ZH8nMnV7M5xw19Kms3MwofJGG5W0DDIYYs NiFQgbZW9HrQxpva0R1yJeMXaHHrFyL3F+XaERS+vUuuUGL1DpqH5wO5w0cizImk QEKS0V/WLyishqCOSUuCPgrLDNytME3CeaggKj/QJl2QT6Xniv1+WzmNVZAhrf6b CsdfWF3g3qMlAE/cbToxCq7LkXNdpctdxd6LYDZvvlz2FEHgxMCdObNlsmdoTKS1 jC157K8zFe4cFGfWJTopmhugPy90LFijyk6Q5aidyvNfA+BZNzdwD9OaGArpI37q TNIBTbhg1umJHR9IHYgdcACN+Xmpx6YzKyKdpGh+xJlcpt+qUk0kT+SCczkm6IS4 AHWtUHHf6kGN0YvJkYX7RXfO096KY9pAferRICypnXjgeEL/Q7sTNbeM/Iz7qdpw ZvVWRDtoEIMBJHKW0+IQhTcBolKaoMhgLPuDCOc1/iTJJyrdo5dkD5GyTwWAdp7l fuSfeUyxi8aIXmjo3ZwU6Inoi4nETiqSN1a2f+Xm1aoyjjmCN6KTtPmGL45mmJ3R FnBiAMp9xT+mb8iq4w0HpDVQzVejHFAk2DzovGxUN8iCfsBG9+DkzkVyZXLQCHAm 0LuuuzxyhH1xRs6ebx2Fp4TGuDMvQ9VmMxX2uYf6ZL0Wla6AbIQ= =iQw0 -----END PGP SIGNATURE-----