Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted libzip-ruby 0.9.4-1+deb7u1 (source all) into oldstable
Date: Mon, 06 Mar 2017 20:40:12 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 06 Mar 2017 21:19:29 +0100
Source: libzip-ruby
Binary: libzip-ruby1.8 libzip-ruby1.9.1
Architecture: source all
Version: 0.9.4-1+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Tatsuki Sugiura <sugi@nemui.org>
Changed-By: Markus Koschany <apo@debian.org>
Description: 
 libzip-ruby1.8 - a ruby module for reading and writing zip files
 libzip-ruby1.9.1 - a ruby module for reading and writing zip files
Changes: 
 libzip-ruby (0.9.4-1+deb7u1) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2017-5946:
     It was discovered that libzip-ruby, a Ruby module for reading and writing
     zip files, is prone to a directory traversal vulnerability. An attacker can
     take advantage of this flaw to overwrite arbitrary files during archive
     extraction via a .. (dot dot) in an extracted filename.
Checksums-Sha1: 
 662dac7cb13cfe58139f18d91434d7eeec806dbd 2078 libzip-ruby_0.9.4-1+deb7u1.dsc
 87fcc83b7011b43f589ae1617a931a20da679036 63696 libzip-ruby_0.9.4.orig.tar.gz
 ae2fd9502a4d29f56f0dbe4041031d1cf813a7f8 4030 libzip-ruby_0.9.4-1+deb7u1.debian.tar.gz
 250b4e51ac802cf893d9c53ff8eca7581fefb5e0 43044 libzip-ruby1.8_0.9.4-1+deb7u1_all.deb
 471e0807860ebc0b238ec1ef82765e39150d795d 42900 libzip-ruby1.9.1_0.9.4-1+deb7u1_all.deb
Checksums-Sha256: 
 c3d0a4bd374b448997232a20bbc1bdf57d0de22b92985e539980126ecc2becdf 2078 libzip-ruby_0.9.4-1+deb7u1.dsc
 8e13d1a34cb35998b508e3aee0db74d124d2108ec6785475c15f5e8befada5c0 63696 libzip-ruby_0.9.4.orig.tar.gz
 813efbf7644d599b7b6aef1b6ec71cdf59d9f5ae3a1981a69fa22a7ee155bffd 4030 libzip-ruby_0.9.4-1+deb7u1.debian.tar.gz
 6865cd3a01e55de5f39c70527af30d6feda59d18cd2b8a32297a56af4b6b6cc5 43044 libzip-ruby1.8_0.9.4-1+deb7u1_all.deb
 136d1146854464a53df61441bcd2711ff9547ea749a1bb3209e184bce2158b72 42900 libzip-ruby1.9.1_0.9.4-1+deb7u1_all.deb
Files: 
 e71638fa5b7ff1ea857de6b602af855f 2078 ruby optional libzip-ruby_0.9.4-1+deb7u1.dsc
 501f9e271ae3c0f487e5017e10058097 63696 ruby optional libzip-ruby_0.9.4.orig.tar.gz
 f4e15464f3ba7ac8413671c049f13c33 4030 ruby optional libzip-ruby_0.9.4-1+deb7u1.debian.tar.gz
 ab41e412ee17b0745a592e1114a8f37d 43044 ruby optional libzip-ruby1.8_0.9.4-1+deb7u1_all.deb
 6b3e67d302aeb5923e95aadd15b9f350 42900 ruby optional libzip-ruby1.9.1_0.9.4-1+deb7u1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAli9xutfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1Hk4SoP/108zG1V4YbaSuy3V4rKsZCgEnXmeyx0XtTB
XKMXcpASKxVpJJGg3z0JYaveVNoY2o9Vu1SHZpQ2SpZvXlwJUIUaLlDSf7UWVxBC
QgmvYKvQvGLC4Mm67bM1INA0srZuZVXInLwzEqXrnlMGdlz+ooX7pua+ZLJXQh9b
dk2eZXLFcISpmrR3YEUTcoJkfnUEGeF3Zey9WRLEHohRYOG3MEGeISgwLdgZjlgJ
IeaM+QJcM/SyskNdw4Swu4Ye0Xhl5Nj9NvKQtpFIOJyOClVdsuOzl6Jk9KUBVijq
tD2vtTl4xLMMQjRF6PTCrUUcgy55rBOThs0WLMibukvpmeQgaRIIy+gQEUbceXcb
lvA+WHoaSgG24un35M9G/OrKqtuX3W5fdPt+iJBIG3DJtRZX5NVqDcYTCyx2PqGG
jCt+zydi8lXrf4FRLpaIZtY1f4ySH3svmCr/Kt+szHYJANglYtOG5XSwJdiz5WJR
RPU+Jgu+ROurf3hg3lKoc6r7PpPcsFIXM4XkGdatcxqqXRq8TOpnvbHWEFaaky43
kYY6LrkQ/cM47BL6yvscNVl3yWRT7+vgzHApOd4ofFdRwgzlDVuZKyylPnH3t+wY
wbzkWfR0B2IMbylRSrnu3mz+ZLGc8riaPTWmhzqL+kVDzKWqHewznyEGUgv7sBRt
CpCTTad5
=ODXK
-----END PGP SIGNATURE-----
News for package libzip-ruby
