Your message dated Sat, 27 Jul 2019 23:47:08 +0000
with message-id <[email protected]>
and subject line Bug#933140: fixed in patch 2.7.6-3+deb10u1
has caused the Debian Bug report #933140,
regarding patch: Temporary file leaked on failed ed-style patch
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
933140: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933140
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: patch
Version: 2.7.6-2
Severity: normal
Tags: upstream
Forwarded: https://savannah.gnu.org/bugs/?53820
Control: found -1 2.7.5-1+deb9u1
Control: found -1 2.7.6-3
Control: found -1 2.7.6-5


Hi

The bugfix for CVE-2018-1000156 did introduce a file leak when
applying ed-style patches. This was reported in SuSE as [1] and
upstream at [2]. There are two followup commits needed to address the
issue [3] and [4].

Regards,
Salvatore

 [1] https://bugzilla.suse.com/show_bug.cgi?id=1092500
 [2] https://savannah.gnu.org/bugs/?53820
 [3] http://git.savannah.gnu.org/cgit/patch.git/commit/?id=19599883ffb6a450d2884f081f8ecf68edbed7ee
 [4] http://git.savannah.gnu.org/cgit/patch.git/commit/?id=369dcccdfa6336e5a873d6d63705cfbe04c55727

--- End Message ---
--- Begin Message ---
Source: patch
Source-Version: 2.7.6-3+deb10u1

We believe that the bug you reported is fixed in the latest version of
patch, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated patch package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 26 Jul 2019 10:58:07 +0000
Source: patch
Binary: patch patch-dbgsym
Architecture: source amd64
Version: 2.7.6-3+deb10u1
Distribution: buster-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 patch      - Apply a diff file to an original
Closes: 932401 933140
Changes:
 patch (2.7.6-3+deb10u1) buster-security; urgency=high
 .
   * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401).
   * Fix CVE-2019-13638: shell command injection.
   * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style
     patches (closes: #933140).


--- End Message ---
