A directory traversal flaw was discovered that allows remote attackers
to write to arbitrary files via a symlink attack in a patch file. This
could allow an attacker to overwrite arbitrary files by applying a
specially crafted patch, with the privileges of the user running patch.
It was reported that a crafted patch file can consume all available
memory and later segfault resulting in denial of service.