Your message dated Wed, 15 Aug 2018 10:53:59 +0000
with message-id <e1fptr9-000duu...@fasolo.debian.org>
and subject line Bug#902720: fixed in ruby-zip 1.2.1-1.1
has caused the Debian Bug report #902720,
regarding CVE-2018-1000544
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
902720: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=902720
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: ruby-zip
Severity: grave
Tags: security

This was assigned CVE-2018-1000544:
https://github.com/rubyzip/rubyzip/issues/369

Cheers,
        Moritz
 

--- End Message ---
--- Begin Message ---
Source: ruby-zip
Source-Version: 1.2.1-1.1

We believe that the bug you reported is fixed in the latest version of
ruby-zip, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 902...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Markus Koschany <a...@debian.org> (supplier of updated ruby-zip package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 13 Aug 2018 13:57:54 +0200
Source: ruby-zip
Binary: ruby-zip
Architecture: source
Version: 1.2.1-1.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Ruby Extras Maintainers <pkg-ruby-extras-maintain...@lists.alioth.debian.org>
Changed-By: Markus Koschany <a...@debian.org>
Description:
 ruby-zip   - Ruby module for reading and writing zip files
Closes: 902720
Changes:
 ruby-zip (1.2.1-1.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * Fix CVE-2018-1000544:
     rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory
     Traversal vulnerability that can be exploited to write arbitrary files to
     the filesystem. (Closes: #902720)
   * Drop CVE-2017-5946.patch because this one was already fixed in version
     1.2.1.

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---