Debian Package Tracker

From: Salvatore Bonaccorso <carnil@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted ruby-zip 1.1.6-1+deb8u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Thu, 09 Mar 2017 23:20:45 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 03 Mar 2017 07:21:15 +0100
Source: ruby-zip
Binary: ruby-zip
Architecture: source
Version: 1.1.6-1+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 856269
Description: 
 ruby-zip   - Ruby module for reading and writing zip files
Changes:
 ruby-zip (1.1.6-1+deb8u1) jessie-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
 .
   [ Antonio Terceiro ]
   * debian/patches/ftbfs-jessie.patch: fix build failure on jessie
 .
   [ Salvatore Bonaccorso ]
   * CVE-2017-5946: directory traversal vulnerability in Zip::File component
     (Closes: #856269)
Checksums-Sha1: 
 d3b435b2b469b140d24924aeba87df6ca7809fbe 2274 ruby-zip_1.1.6-1+deb8u1.dsc
 80765008a82b53d9646eccbfe132999e638a3e67 69567 ruby-zip_1.1.6.orig.tar.gz
 800c84df0eb84f584d7bd74b4a8fd4346840dbc8 5264 ruby-zip_1.1.6-1+deb8u1.debian.tar.xz
Checksums-Sha256: 
 358a517987a91b1593fff024ec0487e8e5bf8e110904d9a4e5802996f69129c6 2274 ruby-zip_1.1.6-1+deb8u1.dsc
 dd4f98e0f73ddaa2b3de166c38a14fc8248512555c064ca61b1aa237a4831e5f 69567 ruby-zip_1.1.6.orig.tar.gz
 717349d6399f0df4964cd7b49021706b7770fee2681cf7f36eef759d5a244135 5264 ruby-zip_1.1.6-1+deb8u1.debian.tar.xz
Files: 
 0b8c929638d52cfcc95188e89315bf22 2274 ruby optional ruby-zip_1.1.6-1+deb8u1.dsc
 6b45c19edd41b70c0da03eb2a829df72 69567 ruby optional ruby-zip_1.1.6.orig.tar.gz
 f8d3625cc40146df1213337180b6796d 5264 ruby optional ruby-zip_1.1.6-1+deb8u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAli5C/9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89EFagP/RkF/Iq6mVvNJ7H2qvZFH0Ij3w4mQfq2
virhGkERH9rheFz/jexoa2ucrMblzVmrxM/PPX38MDxhoT8U1QpGl+y90J5tXUqt
jrvjTjAQeTi8Mt34PQ1dbsYgDr1k1eOwXLVfqCS4VhxBtih0BMq16y/n0rxWfn7q
/REtgISKwjLDrWzoh8DpNRs9EQOqkfNjqyWJdrLUKtWGImeGaYyaM687JxiIU9wL
7eRG4Lz1UtC0FPmhOFoo6oFM9iDjHK3p8jRR9MIpCALa07VYC28ZfARTEBMAQzkR
Ff5kWhVYYloR71gRYjMty0S9Tybg5itQHYKrtWBFGe1sQ5enbmnJ6Uq9FvEVA1iW
cD2QuftrMfmUugOBcJNSFpgJytmEcmuGpFDkyGtLBWrQn4scgbP+4Vwb04sM6aUs
dNr459j9S62siDI5eDYs52X590aHCSpyUgzs98BNSeh8rZEvVjXX3R02GwBTtdkp
JbonQZXgaAt0a3gUPCdcy5aHpd/mmCN4t8Pn0D1KQ3MhwrOrcVQ/LxFMl98nw/jA
mEMZcxl4/nUnBnQ5pkBt3x7pimJxoMqOvT9byJHI4Wv5Y1PF67wfHwB1gBn2Ksv6
3NXGWI94GSx/LlUiAZYAbped9KGNnycRKlFL3BDexqGWSZ4LoyBP0ottfHDy0p1D
OTxXqA31csBY
=JSjQ
-----END PGP SIGNATURE-----
News for package ruby-zip
