Age | Commit message (Collapse) | Author |
|
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-1000156
* upstream tracking: https://savannah.gnu.org/bugs/index.php?53566
* Fix arbitrary command execution in ed-style patches:
- src/pch.c (do_ed_script): Write ed script to a temporary file instead
of piping it to ed: this will cause ed to abort on invalid commands
instead of rejecting them and carrying on.
- tests/ed-style: New test case.
- tests/Makefile.am (TESTS): Add test case.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
* CVE detail: https://nvd.nist.gov/vuln/detail/CVE-2018-6951
* upstream tracking: http://savannah.gnu.org/bugs/?53132
* Fix segfault with mangled rename patch
- src/pch.c (intuit_diff_type): Ensure that two filenames are specified
for renames and copies (fix the existing check).
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
Upgrade patch from 2.7.5 to 2.7.6.
Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|