VulnerableCode Package Details - pkg:deb/debian/patch@2.7.5-1%2Bdeb8u1

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:deb/debian/patch@2.7.5-1%2Bdeb8u1

Essentials
History (11)

purl	pkg:deb/debian/patch@2.7.5-1%2Bdeb8u1

Next non-vulnerable version	2.7.6-7
Latest non-vulnerable version	2.7.6-7
Risk	4.0

Vulnerabilities affecting this package (5)

Vulnerability	Summary	Fixed by
VCID-fuan-yz1a-jbej Aliases: CVE-2018-1000156	multiple issues	2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-kxps-vxqz-wqfq Aliases: CVE-2019-13636	In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files. This affects inp.c and util.c.	2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.
VCID-mfsr-c5z2-hfh4 Aliases: CVE-2019-13638	GNU patch through 2.7.6 is vulnerable to OS shell command injection that can be exploited by opening a crafted patch file that contains an ed style diff payload with shell metacharacters. The ed editor does not need to be present on the vulnerable system. This is different from CVE-2018-1000156.	2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.
VCID-t9q9-5hw4-73cs Aliases: CVE-2016-10713	An issue was discovered in GNU patch before 2.7.6. Out-of-bounds access within pch_write_line() in pch.c can possibly lead to DoS via a crafted input file.	2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }}
VCID-ycqe-xdf8-x3du Aliases: CVE-2018-20969	do_ed_script in pch.c in GNU patch through 2.7.6 does not block strings beginning with a ! character. NOTE: this is the same commit as for CVE-2019-13638, but the ! syntax is specific to ed, and is unrelated to a shell metacharacter.	2.7.5-1+deb9u2 Affected by 5 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-3+deb10u1 Affected by 3 other vulnerabilities. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} {{ fixed_by_vuln.vulnerability_id }} 2.7.6-7 Affected by 0 other vulnerabilities.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T03:07:20.767934+00:00	Debian Oval Importer	Affected by	VCID-ycqe-xdf8-x3du	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-06T02:04:59.301578+00:00	Debian Oval Importer	Affected by	VCID-mfsr-c5z2-hfh4	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:52:18.286874+00:00	Debian Oval Importer	Affected by	VCID-kxps-vxqz-wqfq	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T23:43:51.728808+00:00	Debian Oval Importer	Affected by	VCID-t9q9-5hw4-73cs	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0
2026-06-05T22:54:05.748668+00:00	Debian Oval Importer	Affected by	VCID-ycqe-xdf8-x3du	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T22:52:24.193061+00:00	Debian Oval Importer	Affected by	VCID-kxps-vxqz-wqfq	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T22:51:07.355991+00:00	Debian Oval Importer	Affected by	VCID-mfsr-c5z2-hfh4	https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2	38.6.0
2026-06-05T22:49:16.276780+00:00	Debian Oval Importer	Affected by	VCID-kxps-vxqz-wqfq	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-05T22:36:19.275523+00:00	Debian Oval Importer	Affected by	VCID-mfsr-c5z2-hfh4	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-05T22:28:28.611077+00:00	Debian Oval Importer	Affected by	VCID-ycqe-xdf8-x3du	https://www.debian.org/security/oval/oval-definitions-stretch.xml.bz2	38.6.0
2026-06-02T00:56:15.692049+00:00	Debian Oval Importer	Affected by	VCID-fuan-yz1a-jbej	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.6.0