Debian Package Tracker

From: Markus Koschany <apo@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted ruby-zip 1.1.6-1+deb8u2 (source amd64) into oldstable
Date: Wed, 15 Aug 2018 11:10:19 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 15 Aug 2018 12:38:45 +0200
Source: ruby-zip
Binary: ruby-zip
Architecture: source amd64
Version: 1.1.6-1+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ruby-zip   - Ruby module for reading and writing zip files
Closes: 902720
Changes:
 ruby-zip (1.1.6-1+deb8u2) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * Fix CVE-2018-1000544:
     rubyzip version 1.2.1 and earlier contains a Directory
     Traversal vulnerability that can be exploited to write arbitrary files to
     the filesystem. (Closes: #902720)
Checksums-Sha1:
 9b78a610add3915c257858d5dac3f9ba754bb0f0 2270 ruby-zip_1.1.6-1+deb8u2.dsc
 4658b83d6daa1b2334306148307bc9d94734eb83 6668 ruby-zip_1.1.6-1+deb8u2.debian.tar.xz
 9b49662585b8af26d279a37438b70cab2b80e6de 37290 ruby-zip_1.1.6-1+deb8u2_amd64.deb
Checksums-Sha256:
 7a7c2edb3ba02f2a766ab68bb2ac6b4ce72b14305edb72fe86ecfa8c1fb59122 2270 ruby-zip_1.1.6-1+deb8u2.dsc
 03527cfd903bf3568d693516c6924449ed549e012bc3debff676c7af5984fb95 6668 ruby-zip_1.1.6-1+deb8u2.debian.tar.xz
 f971e8cb6367a6ac44088707a4c50e087f4863829f9a8cd68a1caaf56f2a27fc 37290 ruby-zip_1.1.6-1+deb8u2_amd64.deb
Files:
 ae9ac12e41a453bc58d160889bf677e6 2270 ruby optional ruby-zip_1.1.6-1+deb8u2.dsc
 3b7292abc89ea4c6103769b8d5d3d947 6668 ruby optional ruby-zip_1.1.6-1+deb8u2.debian.tar.xz
 e0e8c834aadd733f093a75359eeccd21 37290 ruby optional ruby-zip_1.1.6-1+deb8u2_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQKjBAEBCgCNFiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlt0Bp5fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQPHGFwb0BkZWJp
YW4ub3JnAAoJENmtFLlRO1HkSiAQAKz2LozJ7j79ehhSdM5xKTgpNvQwOHbkAgcX
xWd6LG5tcWYN6+aA3cT6h4pCay6PvesxpS4cyNjsGsqArHataDF3tZuDOeIrw56p
GxG5UkLc6XHYsx1hinHPM4/v5n4BdTy7fLKQeuwD21eJCOlL1eseRTjgnEStadSY
5lewmffBGVTZXvh3KpBmlxutkvHUSH7LIAwcODKTaFTQWzw6y90BttilvGbIgT3F
Lyrkla8sQs2ltujPROrIRRGrScc0rspUVRDWjdW49Zjuwo4QrkbtED+h38Uczkr3
o3/sn+ecRbud4fk4I3+821483n2H7Zggkpb+7saTaXWi0V0bzVRkdPitGTruJwXK
uO9sPgOX32zCummo8yABF1iwf4APpW0MGZ8RckwMq8h2OSNrQIF4sxbrJSyQRiIF
9LurquJsD4VjcbHN5y3jHr6nHENEfExCGh4+OrQAl3ogj+zUQr6uzaGtSBLFMaRV
Kow7yKrpflBU07psmSso3O+Rl+4L9g/iiC9d8QC/q4/dgRmra2KrER5eruAxpfoq
flQWlM+EzZFnlMQt0vwz51AxpgGADq2FJJ8QMsUNdeKRHHS4V4y4EnYxkh7jEH1I
rbJRosvXexMGLKus3/cxW5lX+8ZwOj3NROh1DLUChOslYOM0JvapmONAtK6vyQ/j
kwYNYh3f
=1/Dj
-----END PGP SIGNATURE-----
News for package ruby-zip
