Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted ruby-zip 1.2.1-1.1 (source) into unstable
Date: Wed, 15 Aug 2018 10:53:59 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Aug 2018 13:57:54 +0200
Source: ruby-zip
Binary: ruby-zip
Architecture: source
Version: 1.2.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ruby-zip   - Ruby module for reading and writing zip files
Closes: 902720
Changes:
 ruby-zip (1.2.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2018-1000544:
     rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory
     Traversal vulnerability that can be exploited to write arbitrary files to
     the filesystem. (Closes: #902720)
   * Drop CVE-2017-5946.patch because this one was already fixed in version
     1.2.1.
Checksums-Sha1:
 6d106d510e01dd99385c7acb5e9cdc7c7456f7a8 2200 ruby-zip_1.2.1-1.1.dsc
 f1ef96cdbc791de1e1a129e26ba08ebadd2e5c6a 6276 ruby-zip_1.2.1-1.1.debian.tar.xz
 fd24066e4f8f026a3690517764031ee1a6e75478 6810 ruby-zip_1.2.1-1.1_amd64.buildinfo
Checksums-Sha256:
 37af4d955634a03999a4f2af7713e6c69f70b0707fc3f802c8adf9123a2cfaa2 2200 ruby-zip_1.2.1-1.1.dsc
 52527d49596965fd03d4d0a84b8ef330e4d7475c901504f2dd30f109818df880 6276 ruby-zip_1.2.1-1.1.debian.tar.xz
 f430da61c2d0f3ab28a07709deeb1f16d4f6e0ebf341a50165532797497e62aa 6810 ruby-zip_1.2.1-1.1_amd64.buildinfo
Files:
 d3e080515f5b5a5916c1449d6d03429d 2200 ruby optional ruby-zip_1.2.1-1.1.dsc
 8a9c8bc20f0ab0a344c70bf6a9241fa2 6276 ruby optional ruby-zip_1.2.1-1.1.debian.tar.xz
 93b1d95dbf80ae3cffba58f97963ae44 6810 ruby optional ruby-zip_1.2.1-1.1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlt0ASNfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkHtMP/08fqyHHqf7nKneCxjqe+bbkAbg/w4jUbspT
44rwBf0yyLlKOWp9/D//39xr3A+7E2zqBiZCPpTEviE/y5/mEUjc2z0m9Qhn+t8V
xLJL2IClKFuMyYqTQ7A0q1oqSzut380csHrgrqcFDjZyVdTxB9CQ/TjxdBdRKvyT
vLJDXCvGfw93WXEtgLWOnZmsD1yCWdfQA9OjhGikgtwkZRg1ZBOkwRz3pmhoFP6l
nHmItefywUsuaN9+lxxFSwFOG/HtrVOYdKolb0b1sbwWQwMytW/JEri8XoB/BNUV
NQ+HnKj/X7vql38HfWT4eBhJ9eOQiIp87c82iEV54ANRkYZPjX7bz+Cg1wd//AXl
FFpqp9GpqrBPxPFIGaxgcmM0hTR2Dt9oaa/0e6M7WRAF8xaInxTrNpBxi6rDv1F9
zRjyomOkvmmoVBvh+wUh4GFbH8nI0BjeyID2e5uH0dXE7PEII3l3/cqzxM3RuBZE
QPkvm/UxkxiV9ZnpHdLIo5Qawf4Rw3d02gf9SMGL9Vt+rEwjTAWAHVSl3AjmkLqt
dcdKdvYTQeVieE6cMo/vPFhp2d0+ITDTuQzKkwllRXtLimJ9TQKdqsygVB86QA9e
V7t8DIODzayk2oTRQ+nxI0K+DtE//yNsyKZFl7XPqv79yeBgH8cP0GAkEqMJvF6t
cyK7gVIy
=HeAT
-----END PGP SIGNATURE-----
News for package ruby-zip
