[v3.1] patch: additional directory traversal and infinite loop (CVE-2015-1395, CVE-2015-1396, CVE-2014-9637)
CVE-2015-1395: Directory traversal flaw via file rename:
PATCH: https://savannah.gnu.org/bugs/?44059
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775873
CVE-2015-1396: Incomplete fix for CVE-2015-1196 (#3854):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775901
CVE-2014-9637: With a specific file, patch goes into an infinite loop and
eats all CPU time:
PATCH: https://savannah.gnu.org/bugs/?44051
References:
http://seclists.org/oss-sec/2015/q1/304
http://seclists.org/oss-sec/2015/q1/303
http://seclists.org/oss-sec/2015/q1/218
(from redmine: issue id 3892, created on 2015-02-02, closed on 2015-03-18)
- Relations:
- parent #3888 (closed)