package/patch: annotate CVE-2019-13638
author Fabrice Fontaine <fontaine.fabrice@gmail.com>
Tue, 3 Mar 2020 19:47:03 +0000 (20:47 +0100)
committer Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Tue, 3 Mar 2020 21:39:09 +0000 (22:39 +0100)
commit 77d2c77d2946e0c92df3ef73df851ebd1b5b8b27
tree 23e0705987c81f3b6bba92170eb1dec48579f94f
parent ad9c33935b2f765d020932d8268d2a46c6c130f1

GNU patch through 2.7.6 is vulnerable to OS shell command injection that
can be exploited by opening a crafted patch file that contains an ed
style diff payload with shell metacharacters. The ed editor does not
need to be present on the vulnerable system. This is different from
CVE-2018-1000156.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/patch/patch.mk