[DRE-maint] Bug#856683: Security - ruby-zip package vulnerable to CVE
Salvatore Bonaccorso
carnil at debian.org
Fri Mar 3 20:35:22 UTC 2017
Control: reassign -1 src:ruby-zip
Control: forcemerge 856269 -1
Hi
On Fri, Mar 03, 2017 at 02:13:43PM -0600, Phillip Prescher wrote:
> Package: ruby-zip
> Version: 1.1.6-1
>
> Please see CVE-2017-5946. This version of the ruby-zip package is
> vulnerable to directory traversal attacks. Please upgrade to 1.2.1 or apply
> manual patch.
See #856269, where it has already been handled for unstable/stretch and
is pending for jessie-security.
Regards,
Salvatore