Updated patch package fixes security vulnerabilities:

It was reported that a crafted diff file can make patch eat memory
and later segfault (CVE-2014-9637).

It was reported that the versions of the patch utility that support
Git-style patches are vulnerable to a directory traversal flaw. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch
(CVE-2015-1395).

GNU patch before 2.7.4 allows remote attackers to write to arbitrary
files via a symlink attack in a patch file (CVE-2015-1196).