* Non-maintainer upload by the LTS team.
* Fix CVE-2017-5946:
It was discovered that libzip-ruby, a Ruby module for reading and writing
zip files, is prone to a directory traversal vulnerability. An attacker can
take advantage of this flaw to overwrite arbitrary files during archive
extraction via a .. (dot dot) in an extracted filename.
This bug was fixed in the package libzip-ruby - 0.9.4-1+ deb7u1build0. 12.04.1
--------------- 1+deb7u1build0. 12.04.1) precise-security; urgency=medium
libzip-ruby (0.9.4-
* fake sync from Debian (LP: #1669894)
libzip-ruby (0.9.4-1+deb7u1) wheezy-security; urgency=high
* Non-maintainer upload by the LTS team.
* Fix CVE-2017-5946:
It was discovered that libzip-ruby, a Ruby module for reading and writing
zip files, is prone to a directory traversal vulnerability. An attacker can
take advantage of this flaw to overwrite arbitrary files during archive
extraction via a .. (dot dot) in an extracted filename.
-- Tyler Hicks <email address hidden> Mon, 13 Mar 2017 15:06:48 +0000