[ubuntu/xenial-security] patch 2.7.5-1ubuntu0.16.04.2 (Accepted)
Leonidas S. Barbosa
leo.barbosa at canonical.com
Wed Jul 24 13:36:53 UTC 2019
patch (2.7.5-1ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
--follow-symlinks is given in src/inp.c, src/util.c.
- CVE-2019-13636
* SECURITY UPDATE: Shell command injection
- debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
using the shell in src/pch.c.
- CVE-2019-13638
Date: 2019-07-23 16:28:17.236712+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/patch/2.7.5-1ubuntu0.16.04.2
-------------- next part --------------
Sorry, changesfile not available.
More information about the Xenial-changes
mailing list