Fixed #1554752 - Double free of memory, CVE-2018-6952

This commit is contained in:
Than Ngo 2018-09-10 13:27:04 +02:00
parent 6cc9c0f08c
commit 677e72bdb1

View File

@ -1,12 +1,13 @@
Summary: Utility for modifying/upgrading files
Name: patch
Version: 2.7.6
Release: 5%{?dist}
Release: 6%{?dist}
License: GPLv3+
URL: http://www.gnu.org/software/patch/patch.html
Group: Development/Tools
Source: ftp://ftp.gnu.org/gnu/patch/patch-%{version}.tar.xz
Patch1: patch-CVE-2018-1000156.patch
Patch2: patch-2.7.6-CVE-2018-6952.patch
Patch100: patch-selinux.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@ -30,6 +31,8 @@ applications.
# CVE-2018-1000156, Malicious patch files cause ed to execute arbitrary commands
%patch1 -p1 -b .CVE-2018-1000156
# CVE-2018-6952
%patch2 -p1 -b .CVE-2018-6952
# SELinux support.
%patch100 -p1 -b .selinux
@ -56,6 +59,9 @@ rm -rf $RPM_BUILD_ROOT
%{_mandir}/*/*
%changelog
* Wed Aug 15 2018 Than Ngo <than@redhat.com> - 2.7.6-6
- Fixed #1554752 - Double free of memory, CVE-2018-6952
* Fri Jul 13 2018 Fedora Release Engineering <releng@fedoraproject.org> - 2.7.6-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild