Bug#856683: Security - ruby-zip package vulnerable to CVE

Salvatore Bonaccorso Fri, 03 Mar 2017 12:39:42 -0800

Control: reassign -1 src:ruby-zip
Control: forcemerge 856269 -1

Hi


On Fri, Mar 03, 2017 at 02:13:43PM -0600, Phillip Prescher wrote:
> Package: ruby-zip
> Version: 1.1.6-1
> 
> Please see CVE-2017-5946. This version of the ruby-zip package is
> vulnerable to directory traversal attacks. Please upgrade to 1.2.1 or apply
> manual patch.

See #856269, where it has already been handled for unstable/strech and
is pending for jessie-security.

Regards,
Salvatore

Bug#856683: Security - ruby-zip package vulnerable to CVE

Reply via email to