patch (2.7.5-1ubuntu0.16.04.2) xenial-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2019-13636.patch: Don't follow symlinks unless
      --follow-symlinks is given in src/inp.c, src/util.c.
    - CVE-2019-13636
  * SECURITY UPDATE: Shell command injection
    - debian/patches/CVE-2019-13638.patch: Invoke ed directly instead of
      using the shell in src/pch.c.
    - CVE-2019-13638

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Tue, 23 Jul 2019 09:17:32 -0300

patch (2.7.5-1ubuntu0.16.04.1) xenial-security; urgency=medium

  * SECURITY UPDATE: Out-of-bounds access
    - debian/patches/CVE-2016-10713.patch: fix in
      src/pch.c.
    - CVE-2016-10713
  * SECURITY UPDATE: Input validation vulnerability
    - debian/patches/CVE-2018-1000156.patch: fix in
      src/pch.c adding tests in Makefile.in, tests/ed-style.
    - debian/patches/0001-Fix-ed-style-test-failure.patch:
      fix test.
    - CVE-2018-1000156
  * SECURITY UPDATE: NULL pointer dereference
    - debian/patches/CVE-2018-6951.patch: fix in src/pch.c.
    - CVE-2018-6951
  * Adds dh_autoreconf to asure it will use the right automake, also adding
    dh_autoreconf as build-depend.

 -- Leonidas S. Barbosa <leo.barbosa@canonical.com>  Mon, 09 Apr 2018 12:16:54 -0300

patch (2.7.5-1) unstable; urgency=medium

  * New upstream release.
  * Fix symlink directory regression (closes: #777122).
  * Update Standards-Version to 3.9.6 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 07 Mar 2015 06:27:14 +0000

patch (2.7.4-2) unstable; urgency=low

  * Backport test suite fixes.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Wed, 04 Feb 2015 22:33:38 +0000

patch (2.7.4-1) unstable; urgency=high

  * New upstream release.
  * Fix symlink handling (closes: #776257).
  * Fix infinite loop with fuzzed diff (closes: #776271).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sat, 31 Jan 2015 21:43:36 +0000

patch (2.7.3-1) unstable; urgency=high

  * New upstream release with security fixes:
    - fix all cases of CVE-2015-1196 (closes: #775873, #775901),
    - fix infinite loop while applying patch, CVE-2014-9637.
  * Remove outdated disable-update-version and add_manpage_time.patch
    Debian patches.
  * Add homepage field.
  * Add watch file.

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Fri, 23 Jan 2015 20:27:32 +0000

patch (2.7.1-7) unstable; urgency=high

  * Backport patches from upstream Git tree:
    - fix CVE-2015-119: directory traversal via symlinks (closes: #775227),
    - infinite loop while applying patch (closes: #775540),
    - segmentation fault while applying corrupted patch (closes: #775793).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 20 Jan 2015 19:34:19 +0000

patch (2.7.1-6) unstable; urgency=medium

  * Fix ed check during build (closes: #721429, #729132).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Sun, 10 Aug 2014 18:05:47 +0000

patch (2.7.1-5) unstable; urgency=low

  * Add watch file.

  [ James Hunt <james.hunt@ubuntu.com> ]
  * Fix segfault due to incorrect usage (closes: #742470).

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 14 Apr 2014 18:31:53 +0200

patch (2.7.1-4) unstable; urgency=low

  * New maintainer (closes: #728664).
  * Add manual last change date (closes: #674052).
  * Update Standards-Version to 3.9.5 .

 -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Mon, 04 Nov 2013 12:36:11 +0000

# For older changelog entries, run 'apt-get changelog patch'