[DRE-commits] [ruby-minitar] 02/09: d/patches: Remove patchs (applied upstream)
Sebastien Badia
sbadia at moszumanska.debian.org
Sun Jun 11 18:03:01 UTC 2017
This is an automated email from the git hooks/post-receive script.
sbadia pushed a commit to branch master
in repository ruby-minitar.
commit e25a22d19dff0bca0a20becddabc2d74a41dee09
Author: Sebastien Badia <seb at sebian.fr>
Date: Sun Jun 11 19:49:20 2017 +0200
d/patches: Remove patchs (applied upstream)
---
debian/patches/CVE-2016-10173.patch | 22 ----------------------
debian/patches/series | 1 -
2 files changed, 23 deletions(-)
diff --git a/debian/patches/CVE-2016-10173.patch b/debian/patches/CVE-2016-10173.patch
deleted file mode 100644
index ae9efb9..0000000
--- a/debian/patches/CVE-2016-10173.patch
+++ /dev/null
@@ -1,22 +0,0 @@
-Description: CVE-2016-10173: directory traversal vulnerability
-Origin: vendor, https://bugzilla.opensuse.org/attachment.cgi?id=711945
-Bug: https://github.com/halostatue/minitar/issues/16
-Bug-Debian: https://bugs.debian.org/853075
-Bug-OpenSUSE: https://bugzilla.opensuse.org/show_bug.cgi?id=1021740
-Forwarded: not-needed
-Author: Jordi Massaguer
-Reviewed-by: Salvatore Bonaccorso <carnil at debian.org>
-Last-Update: 2017-01-30
-
---- a/lib/archive/tar/minitar.rb
-+++ a/lib/archive/tar/minitar.rb
-@@ -975,6 +975,9 @@ module Archive::Tar::Minitar
- end
-
- inp.each do |entry|
-+ if entry.full_name.squeeze('/') =~ /\.{2}(?:\/|\z)/
-+ raise entry.full_name + " Error path contains .."
-+ end
- if files.empty? or files.include?(entry.full_name)
- inp.extract_entry(dest, entry, &block)
- end
diff --git a/debian/patches/series b/debian/patches/series
deleted file mode 100644
index 7c8eced..0000000
--- a/debian/patches/series
+++ /dev/null
@@ -1 +0,0 @@
-CVE-2016-10173.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-ruby-extras/ruby-minitar.git
More information about the Pkg-ruby-extras-commits
mailing list