- Synchronized data.

2025-07-29 05:56:59 +00:00 · 2018-04-06 01:03:49 -04:00 · 2018-04-06 01:03:49 -04:00 · 7b6417daed
commit 7b6417daed
parent 9191692ad2
1 changed files with 16 additions and 1 deletions
--- a/2015/1xxx/CVE-2015-1418.json
+++ b/2015/1xxx/CVE-2015-1418.json
@ -34,7 +34,7 @@
      "description_data" : [
         {
            "lang" : "eng",
-            "value" : "patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1 allows remote attackers to execute arbitrary commands via a crafted patch file."
+            "value" : "The do_ed_script function in pch.c in GNU patch through 2.7.6, and patch in FreeBSD 10.1 before 10.1-RELEASE-p17, 10.2 before 10.2-BETA2-p3, 10.2-RC1 before 10.2-RC1-p2, and 0.2-RC2 before 10.2-RC2-p1, allows remote attackers to execute arbitrary commands via a crafted patch file, because a '!' character can be passed to the ed program."
         }
      ]
   },
@ -52,6 +52,21 @@
   },
   "references" : {
      "reference_data" : [
+         {
+            "name" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/",
+            "refsource" : "MISC",
+            "url" : "http://rachelbythebay.com/w/2018/04/05/bangpatch/"
+         },
+         {
+            "name" : "https://bugs.debian.org/894667",
+            "refsource" : "MISC",
+            "url" : "https://bugs.debian.org/894667"
+         },
+         {
+            "name" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig",
+            "refsource" : "MISC",
+            "url" : "https://ftp.openbsd.org/pub/OpenBSD/patches/5.7/common/013_patch.patch.sig"
+         },
         {
            "name" : "FreeBSD-SA-15:18",
            "refsource" : "FREEBSD",