Summary: | <dev-ruby/rubyzip-1.2.2: Directory Traversal vulnerability (CVE-2018-1000544) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Florian Schuhmacher <mynt1aa> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | ruby |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/rubyzip/rubyzip/issues/369 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | dev-ruby/rubyzip-1.2.2 | ||
Runtime testing required: | --- |
Description
Florian Schuhmacher
2018-06-26 19:02:12 UTC
No upstream patches yet. Proposed upstream patch: https://github.com/rubyzip/rubyzip/pull/371

Debian has shipped
https://sources.debian.org/src/ruby-zip/1.2.1-1.1/debian/patches/CVE-2018-1000544_part1.patch/
https://sources.debian.org/src/ruby-zip/1.2.1-1.1/debian/patches/CVE-2018-1000544_part2.patch/

This has been fixed upstream in version 1.2.2, which has now been added and can be marked stable.

ppc stable

ppc64 stable

amd64 stable

hppa stable

x86 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=be348a03f8c8fc100128875e2baaf2cb09fd6653

commit be348a03f8c8fc100128875e2baaf2cb09fd6653
Author: Tobias Klausmann <klausman@gentoo.org>
AuthorDate: 2019-01-30 13:19:56 +0000
Commit: Tobias Klausmann <klausman@gentoo.org>
CommitDate: 2019-01-30 13:19:56 +0000

dev-ruby/rubyzip-1.2.2-r0: alpha stable

Bug: http://bugs.gentoo.org/659282
Signed-off-by: Tobias Klausmann <klausman@gentoo.org>

dev-ruby/rubyzip/rubyzip-1.2.2.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

arm stable, all arches done.

cleanup done.