group.of.nepali.translators team mailing list archive

Thread
Date

[Bug 1669894] Re: Security - CVE-2017-5946

To: group.of.nepali.translators@xxxxxxxxxxxxxxxxxxx
From: Tyler Hicks <tyhicks@xxxxxxxxxxxxx>
Date: Mon, 13 Mar 2017 17:38:34 -0000
Reply-to: Bug 1669894 <1669894@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

This bug was fixed in the package ruby-zip - 1.2.0-1.1

---------------
ruby-zip (1.2.0-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * CVE-2017-5946: directory traversal vulnerability in Zip::File component
    (Closes: #856269)

 -- Salvatore Bonaccorso <carnil@xxxxxxxxxx>  Mon, 27 Feb 2017 17:38:59
+0100

** Changed in: ruby-zip (Ubuntu)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/1669894

Title:
  Security - CVE-2017-5946

Status in libzip-ruby package in Ubuntu:
  In Progress
Status in ruby-zip package in Ubuntu:
  Fix Released
Status in ruby-zip source package in Xenial:
  Incomplete
Status in ruby-zip source package in Yakkety:
  Incomplete
Status in ruby-zip source package in Zesty:
  Fix Released

Bug description:
  This version of rubyzip is vulnerable to directory traversal attacks.
  Please see CVE-2017-5946.

  It needs to be upgraded to version 1.2.1. It is currently on version
  1.1.7.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libzip-ruby/+bug/1669894/+subscriptions