[Buildroot] [PATCH 3/5] package/patch: fix CVE-2018-20969

Peter Korsgaard peter at korsgaard.com
Sun Mar 15 10:14:15 UTC 2020


>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:

 > do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
 > beginning with a ! character. NOTE: this is the same commit as for
 > CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
 > a shell metacharacter.

 > Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>

Committed to 2019.02.x and 2019.11.x, thanks.

-- 
Bye, Peter Korsgaard


More information about the buildroot mailing list