From b82ab6a55d369ea8e21bcd8db1f11cb36c9760ab Mon Sep 17 00:00:00 2001
From: Joe Truba
Date: Thu, 16 Aug 2018 10:37:42 -0700
Subject: [PATCH] Add CVE-2018-1000544 for rubyzip

---
 gems/rubyzip/CVE-2018-1000544.yml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
 create mode 100644 gems/rubyzip/CVE-2018-1000544.yml

diff --git a/gems/rubyzip/CVE-2018-1000544.yml b/gems/rubyzip/CVE-2018-1000544.yml
new file mode 100644
index 0000000000..e408af2dd5
--- /dev/null
+++ b/gems/rubyzip/CVE-2018-1000544.yml
@@ -0,0 +1,17 @@
+---
+gem: rubyzip
+date: 2018-06-14
+url: https://github.com/rubyzip/rubyzip/issues/369
+cve: 2018-1000544
+title: Directory Traversal in rubyzip
+description: |
+  rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability
+  in Zip::File component that can result in write arbitrary files to the filesystem.
+  If a site allows uploading of .zip files, an attacker can upload a malicious file
+  which contains symlinks or files with absolute pathnames "../" to write arbitrary
+  files to the filesystem.
+related:
+  cve:
+  - 2017-5946
+  url:
+  - https://security-tracker.debian.org/tracker/CVE-2018-1000544
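Review bot: The new advisory carries no `patched_versions` (or `unaffected_versions`) entry, so tools that consume this database by version range — bundler-audit being the obvious one — will flag every rubyzip release as affected, including releases that contain the fix, and users have no way to know which upgrade clears the finding. The description's "1.2.1 and earlier" implies the fix shipped in the next release; if the rubyzip changelog confirms that, add `patched_versions:` followed by `  - ">= 1.2.2"` (quoted, so the constraint stays a string), and otherwise record the actual fixed version. The upstream issue link in `url` is fine as the primary reference, but a `cvss_v3` score, if one has been published for this CVE, would also help consumers prioritise. The description text is copied verbatim from the CVE record and reads awkwardly ("result in write arbitrary files", `absolute pathnames "../"`); a one-line rewording to "contains a directory traversal vulnerability in Zip::File: a crafted archive containing symlinks, absolute paths, or `../` components can write arbitrary files to the filesystem when extracted" would be clearer without changing the advisory's meaning.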