patch (2.7.6-3+deb10u1) buster-security; urgency=high * Fix CVE-2019-13636: mishandled following of symlinks (closes: #932401). * Fix CVE-2019-13638: shell command injection. * Fix CVE-2018-1000156 regression, temporary file leak on failed ed-style patches (closes: #933140). -- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 26 Jul 2019 10:58:07 +0000