500 matches found
Phabricator: The "Download Raw Diff" URL is viewable by everyone
mongoose This is similar to 213942, but less severe. Here is what you said in 213942: The change makes us write files with narrow permissions instead of broad permissions, write temporary files instead of permanent files and ... If I understand your comment correctly, suppose that an Administrato...
[SECURITY] Fedora 26 Update: patch-2.7.6-4.fc26
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
[SECURITY] Fedora 27 Update: patch-2.7.6-4.fc27
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
patch security update
CentOS Errata and Security Advisory CESA-2018:1199 An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...
UBUNTU-CVE-2018-10539
An issue was discovered in WavPack 5.1.0 and earlier for DSDiff input. Out-of-bounds writes can occur because ParseDsdiffHeaderConfig in dsdiff.c does not validate the sizes of unknown chunks before attempting memory allocation, related to a lack of integer-overflow protection within a bytestocop...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Important: Red Hat Security Advisory: patch security update
An update for patch is now available for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the...
Regular Expression Denial of Service (ReDoS)
Overview com.sksamuel.diff:diff is a JavaScript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th,...
Regular Expression Denial of Service (ReDoS)
Overview org.github.evenjn:diff is a JavaScript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th,...
Regular Expression Denial of Service (ReDoS)
Overview io.konig:diff is a JavaScript text differencing implementation. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS). This can cause an impact of about 10 seconds matching time for data 48K characters long. Disclosure Timeline Feb 15th, 2018 -...
[SECURITY] Fedora 27 Update: patch-2.7.6-3.fc27
The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...
AZL-35103 CVE-2018-6951 affecting package patch for versions less than 2.7.6-9
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue...
DEBIAN-CVE-2018-6951
An issue was discovered in GNU patch through 2.7.6. There is a segmentation fault, associated with a NULL pointer dereference, leading to a denial of service in the intuit_diff_type function in pch.c, aka a "mangled rename" issue...
Linux Process Hunter: Prochunter
Prochunter aims to find hidden processes with all userspace and most of the kernelspace rootkits. This tool is composed of a kernel module that prints out all running processes walking the task_struct list and creates /sys/kernel/prochunter/set entry. A Python script that invokes the kernel function...
Pivotal Cloud Foundry GrootFS Cache Poisoning Vulnerability
Pivotal Cloud Foundry (CF) is an open source Platform-as-a-Service (PaaS) cloud computing platform from Pivotal Software that provides container scheduling, continuous delivery, and automated service deployment. GrootFS is one of the root file system components. A security vulnerability exists in...
tor/oss-fuzz-diff: Use-of-uninitialized-value in cdline_linecpy
Project: https://git.torproject.org/tor.git Detailed report: https://oss-fuzz.com/testcase?key=4831951589474304 Project: tor Fuzzer: libFuzzer_tor_oss-fuzz-diff Fuzz target binary: oss-fuzz-diff Job Type: libfuzzer_msan_tor Platform Id: linux Crash Type: Use-of-uninitialized-value Crash Address: Cras...
CVE-2014-9637
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file...
CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...
DEBIAN-CVE-2015-1395
Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name...
DEBIAN-CVE-2014-9637
GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file...