Bug#942146: koji: CVE-2019-17109

Moritz Muehlenhoff jmm at inutil.org
Thu Jan 23 19:42:03 GMT 2020


On Thu, Jan 23, 2020 at 04:37:15PM +0000, Holger Levsen wrote:
> Hi Salvatore,
> 
> On Sun, Jan 05, 2020 at 09:02:20PM +0100, Salvatore Bonaccorso wrote:
> > Any news on this issue? AFAICT, the issue is fixed as well in 1.16.3,
> > so the smaller jump should be possible. Once fixed in unstable, can
> > you address the issue as well via point release?
> 
> I think it's pointless to have 1.16.x in unstable and newer koji needs
> newer dnf (and some other stuff, iirc), which isn't packaged in Debian,
> so this is not as straightforward as it seems.
> 
> I'm also not sure there are many (or any?) users of koji from stable. If
> I were to use it, I would use koji from Fedora...
> https://qa.debian.org/popcon.php?package=koji seems to confirm this.

Let's remove it in the upcoming stretch/buster point releases, then?

Cheers,
        Moritz



More information about the Reproducible-builds mailing list