Source: patch Version: 2.7.6-3 Severity: important Tags: security upstream Control: found -1 2.7.6-4
Hi, The following vulnerability was published for patch. CVE-2019-13636[0]: | In GNU patch through 2.7.6, the following of symlinks is mishandled in | certain cases other than input files. This affects inp.c and util.c. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-13636 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13636 [1] https://git.savannah.gnu.org/cgit/patch.git/commit/?id=dce4683cbbe107a95f1f0d45fabc304acfb5d71a Please adjust the affected versions in the BTS as needed. Regards, Salvatore