projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1a953aa) | patch
package/patch: fix CVE-2018-20969
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Tue, 3 Mar 2020 19:47:01 +0000 (20:47 +0100)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 3 Mar 2020 21:39:09 +0000 (22:39 +0100)
commit0835550ce984b1755c1e8540bbbeb24844392c5d
tree3e0aa71fab587cca7463eb86c944eab11ab682e2tree
parent1a953aac9596dbee1d5caffcc15d29eed8d87185commit | diff
package/patch: fix CVE-2018-20969

do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
beginning with a ! character. NOTE: this is the same commit as for
CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
a shell metacharacter.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/patch/0004-Invoke-ed-directly-instead-of-using-the-shell.patch [new file with mode: 0644] blob
package/patch/patch.mk diff | blob | history