CVE-2017-5946

Published: 27/02/2017 Updated: 14/05/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Zip::File component in the rubyzip gem prior to 1.2.1 for Ruby has a directory traversal vulnerability. If a site allows uploading of .zip files, an attacker can upload a malicious file that uses "../" pathname substrings to write arbitrary files to the filesystem.
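The flaw above is the "zip slip" pattern: an archive entry named with "../" segments lands outside the directory the application meant to extract into. The fix in 1.2.1 made the gem reject such names; the check below, an added example that is not rubyzip's own code, shows how an application that accepts uploaded archives can enforce the same rule itself before extracting each entry (the destination directory and entry names are constructed sample values):

```ruby
# Added example: resolve where an archive entry would be written and refuse
# anything that escapes the extraction root (the CVE-2017-5946 traversal).

# Returns the absolute target path for +entry_name+ under +dest_dir+, or nil
# when the entry would be written outside +dest_dir+.
def safe_entry_path(dest_dir, entry_name)
  root = File.expand_path(dest_dir)
  # NUL bytes cannot be part of a real filename and make File.expand_path raise.
  return nil if entry_name.include?("\0")
  # Treat backslashes as separators so "..\\" is caught on every platform.
  name = entry_name.tr("\\", "/")
  # Absolute names and "~" names resolve to places the archive must not choose.
  return nil if name.start_with?("/", "~")
  candidate = File.expand_path(name, root)
  # After collapsing "..", the result must be the root or strictly inside it.
  return nil unless candidate == root || candidate.start_with?(root + File::SEPARATOR)
  candidate
end

# Splits entry names into [accepted, rejected]; the rejected list is what an
# application should log and alert on, since a legitimate archive has none.
def partition_entries(dest_dir, entry_names)
  entry_names.partition { |n| !safe_entry_path(dest_dir, n).nil? }
end

# Constructed sample entry list as it might be read from an uploaded archive.
SAMPLE_ENTRY_NAMES = [
  "docs/readme.txt",
  "../../etc/cron.d/job",
  "img/logo.png",
  "/etc/passwd",
].freeze

# Assumed usage with rubyzip (not shown running here): iterate the archive
# with Zip::File.open(path) { |zip| zip.each { |entry| ... } } and call
# safe_entry_path(dest, entry.name) before extracting each entry, raising
# when it returns nil.
if __FILE__ == $PROGRAM_NAME
  accepted, rejected = partition_entries("/srv/uploads/out", SAMPLE_ENTRY_NAMES)
  puts "accepted: #{accepted.inspect}"
  puts "rejected: #{rejected.inspect}"
end
```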

Vulnerable Products

rubyzip project rubyzip

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Bug report logs - #902720 CVE-2018-1000544 Package: ruby-zip; Maintainer for ruby-zip is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Source for ruby-zip is src:ruby-zip (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Fri, 29 Jun 2018 21:06: ...
Debian Bug report logs - #856269 ruby-zip: CVE-2017-5946 Package: src:ruby-zip; Maintainer for src:ruby-zip is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Mon, 27 Feb 2017 10:09:02 UTC Severity: grave Tags: patch, se ...
It was discovered that ruby-zip, a Ruby module for reading and writing zip files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename. For the stable distribution (jessie), this problem has been fixed in versio ...