[DRE-maint] Bug#903797: open-build-service: CVE-2018-7689

Andrew Lee (李健秋) ajqlee at debian.org
Sun Oct 21 16:00:57 BST 2018


Source: open-build-service
Followup-For: Bug #903797

I checked the 2.7 branch on upstream git. There was a merge for fixing
"Handle links properly when doing backend build operations". It does not
seem upstream also applied the CVE-2018-7689 fix for 2.7.4.
    https://github.com/openSUSE/open-build-service/commits/2.7

Probably the best way to check this is to set up an OBS instance and
follow the exploit to do a test. It may also be useful to test if we
have to backport the patch from 2.9 to 2.7.4.

Best regards,
-Andrew


