[Buildroot] [PATCH 3/5] package/patch: fix CVE-2018-20969
Peter Korsgaard
peter at korsgaard.com
Sun Mar 15 10:14:15 UTC 2020
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings
> beginning with a ! character. NOTE: this is the same commit as for
> CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to
> a shell metacharacter.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2019.02.x and 2019.11.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list