PublicDateAtUSN: 2011-03-11
Candidate: CVE-2010-4651
PublicDate: 2011-03-11 22:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4651
 https://ubuntu.com/security/notices/USN-2651-1
Description:
 Directory traversal vulnerability in util.c in GNU patch 2.6.1 and earlier
 allows user-assisted remote attackers to create or overwrite arbitrary
 files via a filename that is specified with a .. (dot dot) or full
 pathname, a related issue to CVE-2010-1679.
Ubuntu-Description:
Notes:
 mdeslaur> patch changes behaviour and likely causes regressions
Bugs:
Priority: low
Discovered-by: Jakub Wilk
Assigned-to: tyhicks
CVSS: 

Patches_patch:
 upstream: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=685a78b6052f4df6eac6d625a545cfb54a6ac0e1
upstream_patch: needs-triage
precise_patch: released (2.6.1-3ubuntu0.1)
trusty_patch: not-affected (2.7.1-4ubuntu1)
trusty/esm_patch: not-affected (2.7.1-4ubuntu1)
utopic_patch: not-affected (2.7.1-5)
vivid_patch: not-affected (2.7.1-6)
devel_patch: not-affected (2.7.1-6)