Bugzilla – Bug 1152245
VUL-1: CVE-2019-16892: rubygem-rubyzip: bypass application checks on ZIP entry sizes
Last modified: 2020-05-04 12:06:17 UTC
In Rubyzip before 1.3.0, a crafted ZIP file can bypass application checks on ZIP
entry sizes because data about the uncompressed size can be spoofed. This allows
attackers to cause a denial of service (disk consumption).
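The size-check bypass described above, shown as an added example (not Rubyzip code and not part of the original report): a constructed ZIP local file header declares a small uncompressed size while its deflate body inflates to far more. The helper names and the 1024-byte limit are hypothetical; only Ruby's standard `zlib` is used.

```ruby
require 'zlib'

MAX_ENTRY_BYTES = 1024 # hypothetical per-entry limit set by the application
class EntryTooLarge < StandardError; end

# Constructed sample: one ZIP local file header plus raw-deflate body, with
# the "uncompressed size" field set to whatever the caller claims.
def build_entry(name, data, claimed_size)
  z = Zlib::Deflate.new(Zlib::DEFAULT_COMPRESSION, -Zlib::MAX_WBITS)
  body = z.deflate(data, Zlib::FINISH)
  z.close
  [0x04034b50, 20, 0, 8, 0, 0, Zlib.crc32(data), body.bytesize,
   claimed_size, name.bytesize, 0].pack('VvvvvvVVVvv') + name.b + body
end

# Read the declared uncompressed size and locate the compressed body.
def parse_entry(raw)
  sig, _, _, comp, _, _, _, csize, usize, nlen, xlen = raw.unpack('VvvvvvVVVvv')
  raise ArgumentError, 'not a local file header' unless sig == 0x04034b50
  raise ArgumentError, 'only deflate is handled' unless comp == 8
  { declared: usize, body: raw.byteslice(30 + nlen + xlen, csize) }
end

# Weak pattern: the size check looks only at the header field.
def extract_trusting_header(raw)
  e = parse_entry(raw)
  raise EntryTooLarge, 'declared size over limit' if e[:declared] > MAX_ENTRY_BYTES
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  z.inflate(e[:body])
ensure
  z&.close
end

# Hardened pattern: count bytes as they are inflated and stop once they pass
# the declared size or the limit, whichever is smaller.
def extract_counting_bytes(raw, limit: MAX_ENTRY_BYTES)
  e = parse_entry(raw)
  cap = [e[:declared], limit].min
  z = Zlib::Inflate.new(-Zlib::MAX_WBITS)
  out = ''.b
  e[:body].bytes.each_slice(16) do |slice| # small input slices bound each step
    out << z.inflate(slice.pack('C*'))
    raise EntryTooLarge, "inflated past #{cap} bytes" if out.bytesize > cap
  end
  out
ensure
  z&.close
end
```

In Rubyzip itself, 1.3.0 added the `Zip.validate_entry_sizes` option for this check; it defaults to `false` in that release, so applications have to enable it explicitly.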
Leap 15.2 got 1.3.0 - and that's good enough for me. I don't maintain this package; I just got a bot to update them.
Recommend to WONTFIX.