Your message dated Mon, 30 Jan 2017 08:48:45 +0000
with message-id <e1cy7dl-0000fh...@fasolo.debian.org>
and subject line Bug#853075: fixed in ruby-minitar 0.5.4-3.1
has caused the Debian Bug report #853075,
regarding ruby-minitar: CVE-2016-10173: directory traversal vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
853075: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853075
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: ruby-minitar
Version: 0.5.4-3
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/halostatue/minitar/issues/16

Hi,

the following vulnerability was published for ruby-minitar.

CVE-2016-10173[0]:
directory traversal vulnerability

There is an upstream bug for it at [1], which as well references a
minimal patch from SuSE for the issue at [2].

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-10173
[1] https://github.com/halostatue/minitar/issues/16
[2] https://bugzilla.opensuse.org/show_bug.cgi?id=1021740#c5

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-minitar
Source-Version: 0.5.4-3.1

We believe that the bug you reported is fixed in the latest version of
ruby-minitar, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 853...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby-minitar package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jan 2017 07:00:07 +0100
Source: ruby-minitar
Binary: ruby-minitar ruby-archive-tar-minitar
Architecture: all source
Version: 0.5.4-3.1
Distribution: unstable
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 853075
Description:
 ruby-archive-tar-minitar - Provides POSIX tarchive management for Ruby - transitional packag
 ruby-minitar - Provides POSIX tarchive management for Ruby
Changes:
ruby-minitar (0.5.4-3.1) unstable; urgency=high
.
* Non-maintainer upload.
* CVE-2016-10173: directory traversal vulnerability (Closes: #853075)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---