patch(1) no longer applies patches for symbolic links with ".." components in the target
Tim Waugh
twaugh at redhat.com
Mon Jan 26 16:37:31 UTC 2015
Last week, patch-2.7.3 was released fixing CVE-2015-1196. Both Fedora 20
and Fedora 21 have testing updates:

https://admin.fedoraproject.org/updates/FEDORA-2015-1165
https://admin.fedoraproject.org/updates/FEDORA-2015-1134

The fix prevents patches applying if they are for symbolic links with a
target containing the ".." pathname component:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901#13

Please be aware that some legitimate patches may fail as a result, until
a better fix can be found.

Tim.
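
A pre-screen for finding which patches in a package the restriction described above would reject. This is an added example, not part of the original message and not patch's own code. It assumes git-style diffs, where a symbolic link is an entry with mode 120000 whose added line is the link target; the function names and the sample patch are constructed for illustration.

```python
import re

SYMLINK_MODE = "120000"  # git's file mode for a symbolic link

# Constructed sample: two symlink entries and one regular file.
SAMPLE_PATCH = r"""diff --git a/docs/current b/docs/current
new file mode 120000
index 0000000..1111111
--- /dev/null
+++ b/docs/current
@@ -0,0 +1 @@
+../releases/1.2/docs
\ No newline at end of file
diff --git a/lib/libdemo.so b/lib/libdemo.so
new file mode 120000
index 0000000..2222222
--- /dev/null
+++ b/lib/libdemo.so
@@ -0,0 +1 @@
+libdemo.so.1
\ No newline at end of file
diff --git a/README b/README
index 3333333..4444444 100644
--- a/README
+++ b/README
@@ -1 +1,2 @@
 Demo project
+../other/README
"""

def has_dotdot(target):
    """True if any pathname component of target is exactly '..'."""
    return ".." in target.split("/")

def symlinks_with_dotdot(patch_text):
    """Return [(path, target)] for symlink entries whose new target has '..'."""
    findings, path, is_symlink, in_hunk = [], None, False, False
    for line in patch_text.splitlines():
        if line.startswith("diff --git "):
            m = re.match(r"diff --git a/(.+) b/(.+)$", line)
            path, is_symlink, in_hunk = (m.group(2) if m else None), False, False
        elif line.startswith("@@"):
            in_hunk = True
        elif not in_hunk:
            # Extended header lines carry the mode as their last field.
            if line.startswith(("new file mode ", "new mode ", "index ")):
                is_symlink = is_symlink or line.split()[-1] == SYMLINK_MODE
        elif is_symlink and line.startswith("+") and has_dotdot(line[1:]):
            findings.append((path, line[1:]))
    return findings
```

Only the first sample entry is reported: the second link has no ".." component, and the README entry is a regular file, so its content is not treated as a link target.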