[DRE-maint] Bug#903797: open-build-service: CVE-2018-7689
Andrew Lee (李健秋)
ajqlee at debian.org
Sun Oct 21 16:00:57 BST 2018
Source: open-build-service
Followup-For: Bug #903797
I checked the 2.7 branch on upstream git. There was a merge for fixing
"Handle links properly when doing backend build operations". It does not
seem that upstream also applied the CVE-2018-7689 fix for 2.7.4.
https://github.com/openSUSE/open-build-service/commits/2.7
Probably the best way to check this is to set up an OBS instance and
follow the exploit to do a test. It may also be useful to test whether we
have to backport the patch from 2.9 to 2.7.4.
Best regards,
-Andrew