Your message dated Thu, 09 Mar 2017 23:20:45 +0000
with message-id <e1cm7mt-0008zk...@fasolo.debian.org>
and subject line Bug#856269: fixed in ruby-zip 1.1.6-1+deb8u1
has caused the Debian Bug report #856269,
regarding Security - ruby-zip package vulnerable to CVE
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
856269: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=856269
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-zip
Version: 1.1.6-1
Please see CVE-2017-5946. This version of the ruby-zip package is
vulnerable to directory traversal attacks. Please upgrade to 1.2.1 or apply
a manual patch.
--- End Message ---
--- Begin Message ---
Source: ruby-zip
Source-Version: 1.1.6-1+deb8u1
We believe that the bug you reported is fixed in the latest version of
ruby-zip, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 856...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <car...@debian.org> (supplier of updated ruby-zip package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 03 Mar 2017 07:21:15 +0100
Source: ruby-zip
Binary: ruby-zip
Architecture: source
Version: 1.1.6-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 856269
Description:
ruby-zip - Ruby module for reading and writing zip files
Changes:
ruby-zip (1.1.6-1+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
.
[ Antonio Terceiro ]
* debian/patches/ftbfs-jessie.patch: fix build failure on jessie
.
[ Salvatore Bonaccorso ]
* CVE-2017-5946: directory traversal vulnerability in Zip::File component
(Closes: #856269)
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---