[DRE-commits] [ruby-zip] 04/05: Refresh patches
Sruthi Chandran
srud-guest at moszumanska.debian.org
Tue Jun 27 18:18:58 UTC 2017
This is an automated email from the git hooks/post-receive script.
srud-guest pushed a commit to branch master
in repository ruby-zip.
commit d1c92e62aa513925ed082590b9db170f4a8024b4
Author: Sruthi Chandran <srud at disroot.org>
Date: Tue Jun 27 23:20:55 2017 +0530
Refresh patches
---
debian/patches/CVE-2017-5946.patch | 11 +++--------
1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/debian/patches/CVE-2017-5946.patch b/debian/patches/CVE-2017-5946.patch
index 0d5aea4..f35d53c 100644
--- a/debian/patches/CVE-2017-5946.patch
+++ b/debian/patches/CVE-2017-5946.patch
@@ -7,13 +7,11 @@ Subject: [PATCH] Fix #315 and resolve relative path vulnerability
lib/zip/entry.rb | 5 +++++
1 file changed, 5 insertions(+)
-diff --git a/lib/zip/entry.rb b/lib/zip/entry.rb
-index 7884458..0aba0eb 100644
--- a/lib/zip/entry.rb
+++ b/lib/zip/entry.rb
-@@ -150,6 +150,11 @@ module Zip
- def extract(dest_path = @name, &block)
- block ||= proc { ::Zip.on_exists_proc }
+@@ -155,6 +155,11 @@
+ return self
+ end
+ if @name.squeeze('/') =~ /\.{2}(?:\/|\z)/
+ puts "WARNING: skipped \"../\" path component(s) in #{@name}"
@@ -23,6 +21,3 @@ index 7884458..0aba0eb 100644
if directory? || file? || symlink?
__send__("create_#{@ftype}", dest_path, &block)
else
---
-2.11.0
-
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-zip.git
More information about the Pkg-ruby-extras-commits
mailing list