[Bug 1669894] Re: Security - CVE-2017-5946

Mon, 13 Mar 2017 09:17:10 -0700 

Hello again, Phillip. I made a mistake while triaging this bug last week
because I mistakenly thought that ruby-zip was in main. It turns out
that ruby-zip is in universe and, therefore, it is community supported.
If you are able, I suggest coordinating with upstream and posting a
debdiff for this issue. When a debdiff is available, members of the
security team will review it and publish the package. See the following
link for more information:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures.

I'm in the process of syncing the Debian security update for libzip-ruby
in 12.04 and for ruby-zip in Zesty (soon to be 17.04). There are no
syncs available for 16.04 or 16.10 so it'd be much appreciated if you
could provide debdiffs for those releases.

** Changed in: libzip-ruby (Ubuntu)
       Status: New => In Progress

** Also affects: libzip-ruby (Ubuntu Zesty)
   Importance: Undecided
       Status: In Progress

** Also affects: ruby-zip (Ubuntu Zesty)
   Importance: Undecided
       Status: Triaged

** Also affects: libzip-ruby (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: ruby-zip (Ubuntu Yakkety)
   Importance: Undecided
       Status: New

** Also affects: libzip-ruby (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** Also affects: ruby-zip (Ubuntu Xenial)
   Importance: Undecided
       Status: New

** No longer affects: libzip-ruby (Ubuntu Zesty)

** No longer affects: libzip-ruby (Ubuntu Yakkety)

** No longer affects: libzip-ruby (Ubuntu Xenial)

** Changed in: ruby-zip (Ubuntu Zesty)
       Status: Triaged => In Progress

** Changed in: ruby-zip (Ubuntu Yakkety)
       Status: New => Incomplete

** Changed in: ruby-zip (Ubuntu Xenial)
       Status: New => Incomplete

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1669894

Title:
  Security - CVE-2017-5946

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libzip-ruby/+bug/1669894/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to