patch(1) no longer applies patches for symbolic links with ".." components in the target

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Last week, patch-2.7.3 was released fixing CVE-2015-1196. Both Fedora 20
and Fedora 21 have testing updates:
https://admin.fedoraproject.org/updates/FEDORA-2015-1165
https://admin.fedoraproject.org/updates/FEDORA-2015-1134

The fix prevents patches applying if they are for symbolic links with a
target containing the ".." pathname component:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901#13

Please be aware that some legitimate patches may fail as a result, until
a better fix can be found.

Tim.
*/

Attachment: signature.asc
Description: This is a digitally signed message part

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux