Hi On Mon, 2018-01-15 at 21:24 +0100, Salvatore Bonaccorso wrote: > Just for reference, we track some "details" in the security-tracker > entry for CVE-2017-9274. SUSE did not only fix the > obs-service-source_validate part,
We don't ship obs-service-source_validate (it's separate upstream package). > but in osc added a validation (in > version 0.162.0) when using OBS 2.9 which is via commit: > > https://github.com/openSUSE/osc/commit/f0325eb0b58c266eb0905ccf827dc7 > eb864378a1 > > apparently. IMHO it doesn't make much sense to include on it's own, but maybe I'm missing something. -- Michal Čihař | https://cihar.com/ | https://weblate.org/
signature.asc
Description: This is a digitally signed message part