On 2015-02-01, Christian Weisgerber <na...@mips.inka.de> wrote: > Update devel/gpatch to 2.7.3, uh, make that 2.7.4: > > * Patch no longer follows symbolic links to input and output files. This > ensures that symbolic links created by git-style patches cannot cause > patch to write outside the working directory (CVE-2015-1196).
Is this worth committing to -stable? -- Christian "naddy" Weisgerber na...@mips.inka.de