oss-sec mailing list archives
Re: CVE-2015-1416: vulnerability in patch(1)
From: Mark Felder <feld () feld me>
Date: Sat, 01 Aug 2015 08:49:34 -0500
On Thu, Jul 30, 2015, at 07:05, Adam Maris wrote:
Hello, I'd like to know whether CVE-2015-1416 is BSD-only issue (https://www.freebsd.org/security/advisories/FreeBSD-SA-15:14.bsdpatch.asc) or does it also affect upstream patch(1) utility? In that case, is it tracked in upstream? Thank you -- Adam Maris / Red Hat Product Security
Hi Adam, Which upstream? There are a few different flavors of patch(1) out there. The one in FreeBSD is a variant of Larry Wall's patch, not GNU patch.
Current thread:
- CVE-2015-1416: vulnerability in patch(1) Adam Maris (Jul 30)
- Re: CVE-2015-1416: vulnerability in patch(1) Mark Felder (Aug 01)
- Re: CVE-2015-1416: vulnerability in patch(1) Florian Weimer (Aug 01)
- Re: CVE-2015-1416: vulnerability in patch(1) Mark Felder (Aug 01)
- Re: CVE-2015-1416: vulnerability in patch(1) cve-assign (Aug 02)
- Re: CVE-2015-1416: vulnerability in patch(1) Florian Weimer (Aug 01)
- Re: CVE-2015-1416: vulnerability in patch(1) Mark Felder (Aug 01)