Comment 4 for bug 1669894

This bug was fixed in the package libzip-ruby - 0.9.4-1+deb7u1build0.12.04.1

---------------
libzip-ruby (0.9.4-1+deb7u1build0.12.04.1) precise-security; urgency=medium

  * fake sync from Debian (LP: #1669894)

libzip-ruby (0.9.4-1+deb7u1) wheezy-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Fix CVE-2017-5946:
    It was discovered that libzip-ruby, a Ruby module for reading and writing
    zip files, is prone to a directory traversal vulnerability. An attacker can
    take advantage of this flaw to overwrite arbitrary files during archive
    extraction via a .. (dot dot) in an extracted filename.

 -- Tyler Hicks <email address hidden> Mon, 13 Mar 2017 15:06:48 +0000