[Pkg-rpm-devel] Bug#887306: obs-build: CVE-2017-14804: Exploit extractbuild to write to files in the host system
carnil at debian.org
Sun Jan 14 19:44:07 UTC 2018
Tags: security upstream
the following vulnerability was published for obs-build.
I noticed the SUSE entry while checking for another issue for osc, and
note I'm completely unfamiliar with obs-build, so if you think this
needs an update as well for stable and oldstable, contact team at s.d.o
for double checking. To be on the safe side, chosen severity grave.
build: Exploit extractbuild to write to files in the host system
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
Please adjust the affected versions in the BTS as needed.
More information about the Pkg-rpm-devel