news
Posted January 30, 2017

Package        : ruby-archive-tar-minitar
Version        : 0.5.2-2+deb7u1
CVE ID         : CVE-2016-10173
Debian Bug     : 853249

It has been found that rubygem archive-tar-minitar allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

For Debian 7 "Wheezy", these problems have been fixed in version 0.5.2-2+deb7u1.

We recommend that you upgrade your ruby-archive-tar-minitar packages.

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
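An added example, not part of the advisory and not code from Debian or archive-tar-minitar: a pre-extraction audit that reads tar entry names and reports any that would resolve outside the destination directory, which is the check the ".." issue above calls for. The function names, the destination /srv/unpack and the sample archive are constructed for illustration.

```ruby
require "pathname"

BLOCK = 512 # tar header and data blocks are 512 bytes

# Walk the headers of a tar byte string, yielding [name, typeflag, size].
def each_tar_entry(bytes)
  return enum_for(:each_tar_entry, bytes) unless block_given?
  pos = 0
  while pos + BLOCK <= bytes.bytesize
    header = bytes.byteslice(pos, BLOCK)
    break if header.count("\0") == BLOCK # end-of-archive block
    name = header.byteslice(0, 100).unpack1("Z*")
    size = header.byteslice(124, 12).unpack1("Z*").strip.oct
    if header.byteslice(257, 5) == "ustar" # ustar keeps long paths in a prefix field
      prefix = header.byteslice(345, 155).unpack1("Z*")
      name = "#{prefix}/#{name}" unless prefix.empty?
    end
    yield [name, header.byteslice(156, 1), size]
    pos += BLOCK + ((size + BLOCK - 1) / BLOCK) * BLOCK
  end
end

# True when an entry name would land outside dest (an absolute directory).
# Lexical check only: symlink entries need separate handling.
def escapes?(dest, name)
  return true if name.start_with?("/")
  root = Pathname.new(dest).cleanpath.to_s
  resolved = Pathname.new(File.join(root, name)).cleanpath.to_s
  resolved != root && !resolved.start_with?(root + "/")
end

# Names in the archive that must be rejected before anything is written.
def unsafe_entries(bytes, dest)
  each_tar_entry(bytes).select { |name, _type, _size| escapes?(dest, name) }.map(&:first)
end

# Constructed sample input: one header-plus-data entry (checksum left blank).
def sample_entry(name, data)
  header = [name, "0000644", "0000000", "0000000", format("%011o", data.bytesize),
            "00000000000", " " * 8, "0"].pack("a100a8a8a8a12a12a8a1").ljust(BLOCK, "\0")
  header + data.ljust(((data.bytesize + BLOCK - 1) / BLOCK) * BLOCK, "\0")
end

SAMPLE = sample_entry("docs/readme.txt", "hello") +
         sample_entry("docs/../../outside.txt", "x") +
         sample_entry("/tmp/abs", "") + ("\0" * 1024)

puts unsafe_entries(SAMPLE, "/srv/unpack")
```

The prefix comparison appends "/" to the root so that a sibling directory such as /srv/unpack-evil is not mistaken for a path inside /srv/unpack.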