Summary: | <dev-ruby/archive-tar-minitar-0.6.1: directory traversal vulnerability (CVE-2016-10173) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ruby |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://www.openwall.com/lists/oss-security/2017/01/24/7 | ||
Whiteboard: | B3 [glsa cve] | ||
Package list: |
=dev-ruby/archive-tar-minitar-0.6.1
|
Runtime testing required: | --- |
Bug Depends on: | 609422 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-01-24 20:10:58 UTC
dev-ruby/archive-tar-minitar-0.6.1 is the upstream version that has this fixed. It is now in the tree. @ Arches, please test and mark stable: =dev-ruby/archive-tar-minitar-0.6.1 amd64 stable (In reply to Thomas Deutschmann from comment #2) > @ Arches, > > please test and mark stable: =dev-ruby/archive-tar-minitar-0.6.1 Arches may also consider dropping their keywords to testing. No stable packages depend on this anymore. x86 stable sparc stable ppc ppc64 stable. Stable for HPPA. ia64 stable Stable on alpha. GLSA Vote: Yes New GLSA request filed. @ Maintainer(s): Please cleanup and drop =dev-ruby/archive-tar-minitar-0.5.4-r2! Cleanup done. This issue was resolved and addressed in GLSA 201702-32 at https://security.gentoo.org/glsa/201702-32 by GLSA coordinator Thomas Deutschmann (whissi). |