Bug#942146: koji: CVE-2019-17109
Holger Levsen
holger at layer-acht.org
Thu Jan 23 16:37:15 GMT 2020
Hi Salvatore,
On Sun, Jan 05, 2020 at 09:02:20PM +0100, Salvatore Bonaccorso wrote:
> Any news on this issue? AFAICT, the issue is fixed as well in 1.16.3,
> so the smaller jump should be possible. Once fixed in unstable, can
> you adress the issue as well via point release?
I think it's pointless to have 1.16.x in unstable and newer koji needs
newer dnf (and some other stuff, iirc), which isnt packaged in Debian,
so this is not as straightforward as it seems.
I'm also not sure there are many (or any?) users of koji from stable. If
I were to use it, I would use koji from Fedora...
https://qa.debian.org/popcon.php?package=koji seems to confirm this.
--
cheers,
Holger
-------------------------------------------------------------------------------
holger@(debian|reproducible-builds|layer-acht).org
PGP fingerprint: B8BF 5413 7B09 D35C F026 FE9D 091A B856 069A AA1C
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/reproducible-builds/attachments/20200123/6f78c880/attachment.sig>
More information about the Reproducible-builds
mailing list