Debian Patches
Status for sed/4.9-1+deb12u1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| sed-i-follow-symlinks-fix-TOCTOU-race-CVE-2026-5958.patch | sed: -i --follow-symlinks: fix TOCTOU race (CVE-2026-5958) When using -i with --follow-symlinks, sed resolved the symlink via readlink() and then opened the original symlink path in a separate syscall. An attacker who swapped the symlink between those two operations could cause sed to read from an attacker-controlled file while writing the result to the originally resolved target, enabling arbitrary file overwrite. Fix by opening the already-resolved path rather than re-traversing the symlink. Reported by Michał Majchrowicz and Marcin Wyczechowski (AFINE Team). * sed/execute.c (open_next_file): Use input->in_file_name (the resolved path) rather than "name" (the original symlink) in the ck_fopen call. * NEWS: Mention this. | Jim Meyering <meyering@meta.com> | no | debian | https://gitweb.git.savannah.gnu.org/gitweb/?p=sed.git;a=commitdiff;h=6b9b43c55ccd3beadbc0094b983c82bdb389f33b | 2026-04-03 |
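The race the commit message describes, reduced to a runnable model. This is an added example in C, not sed's source and not the patch itself: the file names, the `victim`/`evil` contents, the `swap_symlink` stand-in for the attacker and the `edit_in_place` stand-in for `-i --follow-symlinks` are all constructed here. The swap is forced to happen between `readlink()` and `fopen()` so the outcome is deterministic instead of depending on winning a real race. With `open_resolved == 0` the input is opened by the original symlink name after resolving it (the pre-fix pattern) and the resolved target ends up holding the attacker's text; with `open_resolved == 1` the already-resolved path is opened (the fix) and the target keeps its own content.

```c
#define _GNU_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Added demonstration of the readlink()-then-fopen(name) race described in the commit
 * message above. None of this is sed's code; file names, the swap hook and the sample
 * contents are constructed for the demo. */

#define VICTIM_TEXT "victim\n"
#define EVIL_TEXT   "evil\n"

static int write_file(const char *path, const char *text)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -1;
    fputs(text, f);
    return fclose(f);
}

/* One level of symlink resolution, as the commit describes sed doing with readlink(). */
static int resolve_link(const char *link, char *out, size_t outlen)
{
    ssize_t n = readlink(link, out, outlen - 1);
    if (n < 0)
        return -1;
    out[n] = '\0';
    return 0;
}

/* Stand-in for the attacker: retarget the symlink inside the race window. */
static void swap_symlink(const char *link, const char *new_target)
{
    unlink(link);
    symlink(new_target, link);
}

/* Minimal model of "-i --follow-symlinks": read the input, write the result to the
 * resolved target. open_resolved == 0 opens the input by the ORIGINAL symlink name after
 * resolving it (the vulnerable pattern); open_resolved == 1 opens the already-resolved
 * path (the fix). The attacker's swap runs between the two steps in both cases. */
static int edit_in_place(const char *name, int open_resolved, const char *attacker_file)
{
    char resolved[PATH_MAX];
    char buf[256];

    if (resolve_link(name, resolved, sizeof resolved) != 0)
        return -1;

    swap_symlink(name, attacker_file);          /* attacker wins the TOCTOU window */

    FILE *in = fopen(open_resolved ? resolved : name, "r");
    if (!in)
        return -1;
    size_t n = fread(buf, 1, sizeof buf - 1, in);
    fclose(in);
    buf[n] = '\0';

    /* The output always goes to the target resolved before the swap, as in sed. */
    return write_file(resolved, buf);
}

/* Builds victim/evil files plus a symlink in a fresh temp dir, runs the edit, and reports
 * what the victim file ends up holding: 1 = attacker's text, 0 = original text, -1 = error. */
int victim_holds_attacker_text(int open_resolved)
{
    char dir[] = "/tmp/sedraceXXXXXX";
    char victim[PATH_MAX], evil[PATH_MAX], link[PATH_MAX], got[256] = "";
    int result = -1;

    if (!mkdtemp(dir))
        return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(evil, sizeof evil, "%s/evil", dir);
    snprintf(link, sizeof link, "%s/link", dir);

    if (write_file(victim, VICTIM_TEXT) == 0 && write_file(evil, EVIL_TEXT) == 0 &&
        symlink(victim, link) == 0 && edit_in_place(link, open_resolved, evil) == 0) {
        FILE *f = fopen(victim, "r");
        if (f) {
            size_t n = fread(got, 1, sizeof got - 1, f);
            got[n] = '\0';
            fclose(f);
            result = strcmp(got, EVIL_TEXT) == 0 ? 1 : 0;
        }
    }
    unlink(link);
    unlink(evil);
    unlink(victim);
    rmdir(dir);
    return result;
}

int main(void)
{
    printf("open by symlink name after readlink(): victim overwritten with attacker text? %d\n",
           victim_holds_attacker_text(0));
    printf("open by resolved path:                 victim overwritten with attacker text? %d\n",
           victim_holds_attacker_text(1));
    return 0;
}
```

The model only covers the swap of the symlink itself, which is what the patch addresses: after the fix the read source and the write target are the same resolved path, so nothing the attacker does to the symlink between the two syscalls can make sed copy one file's content into another. Whether the directory components of the resolved path are themselves trustworthy is a separate question that this patch does not change.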
All known versions for source package 'sed'
- 4.9-3 (forky, sid)
- 4.9-2+deb13u1 (trixie)
- 4.9-1+deb12u1 (bookworm)
