From 54ee9115db68382ebfdef0c2bfa90c52e5669e25 Mon Sep 17 00:00:00 2001
From: IanHoar
Date: Thu, 29 Nov 2018 13:47:12 -0800
Subject: [PATCH] Update rubyzip gem rubyzip gem rubyzip version 1.2.1 and earlier contains a Directory Traversal vulnerability in Zip::File component that can result in write arbitrary files to the filesystem. This attack appear to be exploitable via If a site allows uploading of .zip files , an attacker can upload a malicious file that contains symlinks or files with absolute pathnames "../" to write arbitrary files to the filesystem https://github.com/rubyzip/rubyzip/commit/d07b13a6cf0a413e010c48879aebd9576bfb5f68
---
 apktools.gemspec | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/apktools.gemspec b/apktools.gemspec
index 094d805..4b0b4e6 100644
--- a/apktools.gemspec
+++ b/apktools.gemspec
@@ -30,5 +30,5 @@ Gem::Specification.new do |s|
 s.executables << 'get_app_version.rb'
 s.executables << 'read_manifest.rb'
- s.add_runtime_dependency 'rubyzip', '~> 1.2.1'
+ s.add_runtime_dependency 'rubyzip', '~> 1.2.2'
 end