[Pkg-rpm-devel] Bug#887391: CVE-2017-9274

Michal Čihař michal at cihar.com
Tue Jan 16 08:03:11 UTC 2018


On Mon, 2018-01-15 at 21:24 +0100, Salvatore Bonaccorso wrote:
> Just for reference, we track some "details" in the security-tracker
> entry for CVE-2017-9274. SUSE did not only fix the
> obs-service-source_validate part, 

We don't ship obs-service-source_validate (it's separate upstream

> but in osc added a validation (in
> version 0.162.0) when using OBS 2.9 which is via commit: 
> https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7
> eb864378a1
> apparently.

IMHO it doesn't make much sense to include on it's own, but maybe I'm
missing something.

	Michal Čihař | https://cihar.com/ | https://weblate.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-rpm-devel/attachments/20180116/7eb45d6d/attachment.sig>

More information about the Pkg-rpm-devel mailing list