PublicDateAtUSN: 2015-01-28
Candidate: CVE-2015-1396
PublicDate: 2019-11-25 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1396
 https://ubuntu.com/security/notices/USN-2651-1
Description:
 A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A
 remote attacker can write to arbitrary files via a symlink attack in a
 patch file. NOTE: this issue exists because of an incomplete fix for
 CVE-2015-1196.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901
Priority: medium
Discovered-by: Jakub Wilk
Assigned-to: tyhicks
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]

Patches_patch:
 upstream: http://git.savannah.gnu.org/cgit/patch.git/commit/?id=41688ad8ef88bc296f3bed30b171ec73e5876b88
upstream_patch: released (2.7.3-1)
lucid_patch: not-affected (2.6-2ubuntu1)
precise_patch: not-affected (2.6.1-3)
trusty_patch: released (2.7.1-4ubuntu2.3)
trusty/esm_patch: released (2.7.1-4ubuntu2.3)
utopic_patch: released (2.7.1-5ubuntu0.3)
vivid_patch: released (2.7.3-1)
devel_patch: released (2.7.3-1)