-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2015:050
http://www.mandriva.com/en/support/security/
_______________________________________________________________________
Package : patch
Date : March 2, 2015
Affected: Business Server 1.0
_______________________________________________________________________
Problem Description:

Updated patch package fixes security vulnerabilities:

It was reported that a crafted diff file can make patch eat memory
and later segfault (CVE-2014-9637).

It was reported that the versions of the patch utility that support
Git-style patches are vulnerable to a directory traversal flaw. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch
(CVE-2015-1395).

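
An added example, not part of the advisory and not code from GNU patch: a
pre-apply check that reports file names in unified and Git-style patch headers
that are absolute or contain a ".." component, the kind of name a directory
traversal such as the one described above depends on. The function names and
the sample patch are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Header lines that carry one file name. Conservative: a hunk body line that
# happens to start with "--- " or "+++ " is inspected as well.
_HEADER = re.compile(r'^(?:---|\+\+\+|rename (?:from|to)|copy (?:from|to)) (.+)$')

SAMPLE = (  # constructed input: one ordinary file, one name that escapes the tree
    "diff --git a/src/main.c b/src/main.c\n"
    "--- a/src/main.c\t2015-03-02 10:00:00\n"
    "+++ b/src/main.c\t2015-03-02 10:05:00\n"
    "@@ -1 +1 @@\n"
    "-old\n"
    "+new\n"
    "diff --git a/notes.txt b/../outside/notes.txt\n"
    "--- a/notes.txt\n"
    "+++ b/../outside/notes.txt\n"
)


def _names(line):
    """Return the file names a patch header line refers to (possibly none)."""
    if line.startswith('diff --git '):
        # Check every whitespace-separated token; names containing spaces are
        # split into fragments, which still exposes a '..' component.
        return line[len('diff --git '):].split()
    m = _HEADER.match(line)
    if m:
        # Drop a tab-separated timestamp such as "--- a/f\t2015-03-02 ...".
        return [m.group(1).split('\t')[0].strip()]
    return []


def is_unsafe(name):
    """True if the name is absolute, has a '..' component, or cannot be judged."""
    if name == '/dev/null':            # marker for an added or deleted file
        return False
    if '"' in name and '\\' in name:   # quoted name with escapes: not decoded
        return True                    # here, so send it to manual review
    name = name.strip('"')
    return name.startswith('/') or '..' in PurePosixPath(name).parts


def audit_patch(text):
    """Return (line_number, name) for every unsafe file name in the headers."""
    return [(num, name)
            for num, line in enumerate(text.splitlines(), 1)
            for name in _names(line) if is_unsafe(name)]
```

Run audit_patch() on the patch text before handing it to patch and refuse to
apply when the returned list is not empty.
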
GNU patch before 2.7.4 allows remote attackers to write to arbitrary
files