GNU bug report logs - #47144
security patching of 'patch' package

Previous Next

Package: guix;

Reported by: Mark H Weaver <mhw <at> netris.org>

Date: Sun, 14 Mar 2021 21:39:02 UTC

Severity: normal

Tags: security

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.

Full log

Message #24 received at 47144 <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: Mark H Weaver <mhw <at> netris.org>
Cc: 47144 <at> debbugs.gnu.org
Subject: Re: bug#47144: security patching of 'patch' package
Date: Wed, 14 Apr 2021 17:54:28 -0400

On Sun, Mar 14, 2021 at 05:37:25PM -0400, Mark H Weaver wrote:
> patch <at> 2.7.6: probably vulnerable to CVE-2019-13636, CVE-2019-13638,
> CVE-2019-20633, CVE-2018-1000156, CVE-2018-20969, CVE-2018-6951, CVE-
> 2018-6952

I tried building a "fixed" package of patch, cherry-picking bug fix
patches from patch.git.

Unfortunately, the patches largely don't apply to the most recent
release of patch.

Since there is no release fixing these bugs, and no clear advice about
which patches to apply, I'm going to stop working on this for now.

This bug report was last modified 333 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47144 security patching of 'patch' package

GNU bug report logs - #47144
security patching of 'patch' package