[Group.of.nepali.translators] [Bug 1669894] Re: Security - CVE-2017-5946

Tyler Hicks Mon, 13 Mar 2017 10:46:46 -0700

This bug was fixed in the package ruby-zip - 1.2.0-1.1

---------------
ruby-zip (1.2.0-1.1) unstable; urgency=medium


  * Non-maintainer upload.
  * CVE-2017-5946: directory traversal vulnerability in Zip::File component
    (Closes: #856269)

 -- Salvatore Bonaccorso <car...@debian.org>  Mon, 27 Feb 2017 17:38:59
+0100

** Changed in: ruby-zip (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669894

Title:
  Security - CVE-2017-5946

Status in libzip-ruby package in Ubuntu:
  In Progress
Status in ruby-zip package in Ubuntu:
  Fix Released
Status in ruby-zip source package in Xenial:
  Incomplete
Status in ruby-zip source package in Yakkety:
  Incomplete
Status in ruby-zip source package in Zesty:
  Fix Released

Bug description:
  This version of rubyzip is vulnerable to directory traversal attacks.
  Please see CVE-2017-5946.

  It needs to be upgraded to version 1.2.1. It is currently on version
  1.1.7.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libzip-ruby/+bug/1669894/+subscriptions

_______________________________________________
Mailing list: https://launchpad.net/~group.of.nepali.translators
Post to     : group.of.nepali.translators@lists.launchpad.net
Unsubscribe : https://launchpad.net/~group.of.nepali.translators
More help   : https://help.launchpad.net/ListHelp

[Group.of.nepali.translators] [Bug 1669894] Re: Security - CVE-2017-5946

Reply via email to