VulnerableCode Package Details - pkg:deb/debian/patch@2.5-2

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/patch@2.5-2

Essentials
History (15)

purl	pkg:deb/debian/patch@2.5-2

Next non-vulnerable version	2.7.6-7
Latest non-vulnerable version	2.7.6-7
Risk	4.0

Vulnerabilities affecting this package (9)

Vulnerability	Summary	Fixed by
VCID-6p9q-vmce-e7gx Aliases: CVE-2019-13636		2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.
VCID-9417-uccf-8bf2 Aliases: CVE-2015-1396	A Directory Traversal vulnerability exists in the GNU patch before 2.7.4. A remote attacker can write to arbitrary files via a symlink attack in a patch file. NOTE: this issue exists because of an incomplete fix for CVE-2015-1196.	2.7.5-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-babz-twua-d7fy Aliases: CVE-2019-13638		2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.
VCID-h4n1-v4yw-d7a5 Aliases: CVE-2018-1000156		2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-m9p4-evvv-efhg Aliases: CVE-2016-10713		2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-mnkb-wepk-qkd2 Aliases: CVE-2015-1395	Directory traversal vulnerability in GNU patch versions which support Git-style patching before 2.7.3 allows remote attackers to write to arbitrary files with the permissions of the target user via a .. (dot dot) in a diff file name.	2.7.5-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ycff-3gg5-kyh6 Aliases: CVE-2015-1196	GNU patch 2.7.1 allows remote attackers to write to arbitrary files via a symlink attack in a patch file.	2.7.5-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zbsx-6bfg-yybz Aliases: CVE-2014-9637	GNU patch 2.7.2 and earlier allows remote attackers to cause a denial of service (memory consumption and segmentation fault) via a crafted diff file.	2.7.5-1 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-zmz6-3d9k-7qdg Aliases: CVE-2018-20969	security update	2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-13T12:48:06.504041+00:00	Debian Oval Importer	Affected by	VCID-9417-uccf-8bf2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T12:19:50.085251+00:00	Debian Oval Importer	Affected by	VCID-zbsx-6bfg-yybz	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T11:41:39.611593+00:00	Debian Oval Importer	Affected by	VCID-ycff-3gg5-kyh6	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T10:28:34.042511+00:00	Debian Oval Importer	Affected by	VCID-zmz6-3d9k-7qdg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T07:53:55.938733+00:00	Debian Oval Importer	Affected by	VCID-babz-twua-d7fy	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:42:56.683866+00:00	Debian Oval Importer	Affected by	VCID-h4n1-v4yw-d7a5	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T06:34:52.883412+00:00	Debian Oval Importer	Affected by	VCID-mnkb-wepk-qkd2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T02:38:20.957055+00:00	Debian Oval Importer	Affected by	VCID-6p9q-vmce-e7gx	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T02:18:00.515658+00:00	Debian Oval Importer	Affected by	VCID-m9p4-evvv-efhg	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-13T01:19:38.340931+00:00	Debian Oval Importer	Affected by	VCID-zmz6-3d9k-7qdg	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-13T01:18:01.841652+00:00	Debian Oval Importer	Affected by	VCID-6p9q-vmce-e7gx	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-13T01:16:45.949367+00:00	Debian Oval Importer	Affected by	VCID-babz-twua-d7fy	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-13T01:14:59.022983+00:00	Debian Oval Importer	Affected by	VCID-6p9q-vmce-e7gx	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-13T01:02:08.381577+00:00	Debian Oval Importer	Affected by	VCID-babz-twua-d7fy	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-13T00:54:23.121925+00:00	Debian Oval Importer	Affected by	VCID-zmz6-3d9k-7qdg	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0