[ubuntu/disco-updates] patch 2.7.6-3ubuntu0.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Wed Jul 24 14:31:40 UTC 2019

patch (2.7.6-3ubuntu0.1) disco-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

Date: 2019-07-23 16:33:13.701481+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Disco-changes mailing list