Bug#942146: koji: CVE-2019-17109
Salvatore Bonaccorso
carnil at debian.org
Thu Oct 10 21:57:50 BST 2019
Source: koji
Version: 1.16.2-1
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://pagure.io/koji/issue/1634
Hi,
The following vulnerability was published for koji.
CVE-2019-17109[0]:
| Koji through 1.18.0 allows remote Directory Traversal, with resultant
| Privilege Escalation.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2019-17109
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17109
[1] https://pagure.io/koji/issue/1634
[2] https://docs.pagure.org/koji/CVE-2019-17109/
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
More information about the Reproducible-builds
mailing list