Fixed #1554752 - Double free of memory, CVE-2018-6952

2018-09-10 13:27:04 +02:00 · 2018-09-10 13:27:04 +02:00 · 677e72bdb1
commit 677e72bdb1
parent 6cc9c0f08c
1 changed files with 8 additions and 2 deletions
--- a/patch.spec
+++ b/patch.spec
@ -1,16 +1,17 @@
 Summary: Utility for modifying/upgrading files
 Name: patch
 Version: 2.7.6
-Release: 5%{?dist}
+Release: 6%{?dist}
 License: GPLv3+
 URL: http://www.gnu.org/software/patch/patch.html
 Group: Development/Tools
 Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
 Patch1: patch-CVE-2018-1000156.patch
+Patch2: patch-2.7.6-CVE-2018-6952.patch
 Patch100: patch-selinux.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)

-BuildRequires:  gcc
+BuildRequires: gcc
 BuildRequires: libselinux-devel
 BuildRequires: libattr-devel
 BuildRequires: ed
@ -30,6 +31,8 @@ applications.

 # CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
 %patch1 -p1 -b .CVE-2018-1000156
+# CVE-2018-6952
+%patch2 -p1 -b .CVE-2018-6952

 # SELinux support.
 %patch100 -p1 -b .selinux
@ -56,6 +59,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_mandir}/*/*

 %changelog
+* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
+- Fixed #1554752 - Double free of memory, CVE-2018-6952
+
 * Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild