Your message dated Sun, 12 Feb 2017 22:17:30 +0000
with message-id <[email protected]>
and subject line Bug#853249: fixed in ruby-archive-tar-minitar 0.5.2-2+deb8u1
has caused the Debian Bug report #853249,
regarding ruby-archive-tar-minitar: CVE-2016-10173: directory traversal
vulnerability
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
853249: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853249
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: ruby-minitar
Version: 0.5.4-3
Severity: grave
Tags: security upstream patch
Forwarded: https://github.com/halostatue/minitar/issues/16
Hi,
the following vulnerability was published for ruby-minitar.
CVE-2016-10173[0]:
directory traversal vulnerability
There is an upstream bug for it at [1], which as well references a
minimal patch from SuSE for the issue at [2].
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2016-10173
[1] https://github.com/halostatue/minitar/issues/16
[2] https://bugzilla.opensuse.org/show_bug.cgi?id=1021740#c5
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: ruby-archive-tar-minitar
Source-Version: 0.5.2-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
ruby-archive-tar-minitar, which is due to be installed in the Debian FTP
archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
ruby-archive-tar-minitar package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Mon, 30 Jan 2017 21:57:15 +0100
Source: ruby-archive-tar-minitar
Binary: ruby-archive-tar-minitar
Architecture: all source
Version: 0.5.2-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Alexander Wirt <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Closes: 853249
Description:
ruby-archive-tar-minitar - Provides POSIX tarchive management from Ruby
programs.
Changes:
ruby-archive-tar-minitar (0.5.2-2+deb8u1) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2016-10173: directory traversal vulnerability (Closes: #853249)
Checksums-Sha1:
134f9f4df51b425f601b19173c2362cc888e72e7 2082
ruby-archive-tar-minitar_0.5.2-2+deb8u1.dsc
c26a196933d0dea7da6e46d5ecb280f0cb34671a 20440
ruby-archive-tar-minitar_0.5.2.orig.tar.gz
9c2228f409198dac3e7f5885db31262838900456 2540
ruby-archive-tar-minitar_0.5.2-2+deb8u1.debian.tar.xz
4e78675a975d6b673fca81b8dd33757eb396d111 15646
ruby-archive-tar-minitar_0.5.2-2+deb8u1_all.deb
Checksums-Sha256:
bccfd232c91315f50b9c6ee42e8fb7da5234e7115c78f9ed663cfbcc759089d5 2082
ruby-archive-tar-minitar_0.5.2-2+deb8u1.dsc
841632a21cb6fafff3a8c9c25cd326941a0096e3e17b9b15005c850e3526d343 20440
ruby-archive-tar-minitar_0.5.2.orig.tar.gz
85973ee316942ea74094a4e1c77427984ef9b0ac8093aaae3872c6887dac524c 2540
ruby-archive-tar-minitar_0.5.2-2+deb8u1.debian.tar.xz
795df248fea4a7cf1b1e6f9c2f3692503a30c189af3c767f0a84fa240cdb7eb0 15646
ruby-archive-tar-minitar_0.5.2-2+deb8u1_all.deb
Files:
5457c15b104479108210289a3049f49e 2082 ruby optional
ruby-archive-tar-minitar_0.5.2-2+deb8u1.dsc
e9187af86dbce33e67a29bc627c130ec 20440 ruby optional
ruby-archive-tar-minitar_0.5.2.orig.tar.gz
a38be9555abf9d9a5cc721eda2962e14 2540 ruby optional
ruby-archive-tar-minitar_0.5.2-2+deb8u1.debian.tar.xz
463bde9a80076e8928942c9ef7b413d1 15646 ruby optional
ruby-archive-tar-minitar_0.5.2-2+deb8u1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAliPqXdfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk
ZWJpYW4ub3JnAAoJEAVMuPMTQ89ETKwP/RLkq1ek2monR/Q/7bCwAXzka0Q0SxW7
3EmoPZtvn9pjoNWcsHGTdjG3Os33NgmoqE7MK1Cz2+8YC2dkNEXSzYPbjn0VwecQ
2xLeFkEmwTjs1kbRX/l3aohCzvTrs4zz7CEEjuEhEhSLcpAt8tRu9LhuG+63L+Y4
C6EHA4ygI3/UC/PyFmpb596W1g+HdKhvggm4WF/CovKafKfsFASnj7flqSnWOMJ5
uCw4BeiB3JQBHpXrqgJ8IeXTedZncRJx+nPr6gJsLA9iF5hWphelftS9/JrkDM2e
oqv4KTY/xJuZqL4ROwPmBp43m9zkGC1V85e7EOHRWwDgiR0mA4hSs3Vhz1vznMAb
Ol+sbECa/NGY7Ev1KxsiDtnfewAGDqHSDszvYcC+2ozIaN8T44cg14cQqDCeM6hq
TrNQZV1Z93uBLU2kM+mtT4V/fEISEbIiLsnzffAo0h1JAGEj2/v+YRbQy3IINFoB
xJBjNPhypVmFYOJBKg8EGo9AzPeltJOyYVz6xcjqKoNwh3exVTb7rIfD/QBRxXTR
vHrKkQfIhfxLVPMIbdpvexwNe1toLG31w+im77n3PKLesI1cODuqcv4bU8knsj/E
cbGSzizTZIS7ynhWPJxLB8VUJRYoPqbCdrMrfMBtACh/yCn/+t8KjdsDR8h6Wzs5
mm5F//6s2KQy
=vW2D
-----END PGP SIGNATURE-----
--- End Message ---