-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 16 Apr 2018 08:33:40 +0100
Source: patch
Binary: patch
Architecture: source amd64
Version: 2.6.1-3+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Christoph Berg <m...@debian.org>
Changed-By: Chris Lamb <la...@debian.org>
Description: 
 patch      - Apply a diff file to an original
Closes: 894993
Changes: 
 patch (2.6.1-3+deb7u1) wheezy-security; urgency=high
 .
   * CVE-2018-1000156: Fix an input validation vulnerability
     where an ed(1) script embedded in a patch file could result in arbitrary
     code execution when naively applied with patch(1). This was reported by
     Rachel Kroll <https://rachelbythebay.com/w/2018/04/05/bangpatch/> et al.
     (Closes: #894993)
Checksums-Sha1: 
 e29942bb7d1c7a2804d000b0758ea1dbf760d110 1776 patch_2.6.1-3+deb7u1.dsc
 a50deb8cb6daa5e2997e7a9a36adb78980f95332 303692 patch_2.6.1.orig.tar.gz
 c01fda09609afdcbfaa9b9bb03b9601a7be3167a 10869 
patch_2.6.1-3+deb7u1.debian.tar.gz
 dcfd5bc273d8449423e5979f0c133829571ab9c0 121454 patch_2.6.1-3+deb7u1_amd64.deb
Checksums-Sha256: 
 c3e4af95cb2f6a6645c42cd35933fac3c30532179c5bb938afb981b785abe999 1776 
patch_2.6.1-3+deb7u1.dsc
 d1563731e9cffed11cc5f011b2b8e074c325e86a383a91889b5c5b80b09781b9 303692 
patch_2.6.1.orig.tar.gz
 ad68e541263a76d03d1e1abdd24a408063d35667e056513922e9f7d22c79599b 10869 
patch_2.6.1-3+deb7u1.debian.tar.gz
 8a2fc62ce9ab89653e227997768a0552fcb1a0dc970741303b61053defde770d 121454 
patch_2.6.1-3+deb7u1_amd64.deb
Files: 
 c1faba7da3f2b69e894b51670bcf95eb 1776 vcs standard patch_2.6.1-3+deb7u1.dsc
 d758eb96d3f75047efc004a720d33daf 303692 vcs standard patch_2.6.1.orig.tar.gz
 1ccf37c5e21dbeb112ef3e9a5c9f66d2 10869 vcs standard 
patch_2.6.1-3+deb7u1.debian.tar.gz
 331589d8e42ccc1a61b3cc31afdf96b5 121454 vcs standard 
patch_2.6.1-3+deb7u1_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlrUhYkACgkQHpU+J9Qx
HlhCyQ/+IcGdALCGXagfV1eaRewVTC3YNbkOrODA4YFIGW8Hp849F1y/wtZniKZ/
oW5NRDCRb3XAQOnOndI0KXPnyW6MYNsSOYwFps58tcD+Upq4r5dj3FT8D50sUv5W
eF6nHh6ahOIoG5GJBLTwLLF3yTjRy0k3iU2vazxUZTKioFsBIVgqSSFBsOAarUYN
L7JSfuecc+nX2/Ar+a/cJk6i4lD+12WC2MmXyAwc62OYWd3fAKhlV/zqVxgBV9gw
98ZPJvDnWeySNA0YP4XgQ7gKOZ2bZ+pv57xZi6Ld4UaM8/jJnp6p7QDRNEMVri9q
UJMif0BmlwTwrVWyNCYiCO3WphZo7L86ZN0O/qKolhP76GJ7LYR/6eDp//8LMp9I
rrvIsgTVAt+z9t80rO4NIyReUP8E4Iwp8OeE3lKdROz1seYENjN+uzlHC2/H1oIh
o2tvLlpWOIS7JoRshhofzo/abNDiBbifQr9hULBqeEFQRUXXNplGEDPTrDf/YlQX
y6Qvp9UHlZo1vCTU+EJek9DKU3MlmUQCE0yPQ9IvyWyY+r2akrLcEXcbLc2ePjKj
P7KHQjmTE3b514cSOxD66CbM3lOEy8Ui22JCldxoAHZHN3Kb4Qo94ryW2WNcErld
3QTUAMYoq3y2+lBLR5vz86m6NIc5IzZbNHAH89ZNgGmwFxqhVSg=
=3yit
-----END PGP SIGNATURE-----

Reply via email to