Overview

File _patchinfo of Package patchinfo.6706

<patchinfo incident="6706">
  <issue id="1080288" tracker="bnc">VUL-1: CVE-2017-10689: puppet: Unpacking tarballs in tar/mini.rb can create files with insecure permissions</issue>
  <issue id="2017-10689" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>kstreitova</packager>
  <description>This update for rubygem-puppet fixes the following issues:

- CVE-2017-10689: Reset permissions when unpacking tar in PMT.
  When using minitar, files were unpacked with whatever permissions are
  in the tarball. This is potentially unsafe, as tarballs can be easily
  created with weird permissions
  (bsc#1080288)
</description>
  <summary>Security update for rubygem-puppet</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places