Hello Salvatore,

Since you are part of the security team, should the fix go in stable via security queue or stable pu?
Regards

On Sun, 14 Jan 2018 20:44:07 +0100 Salvatore Bonaccorso <car...@debian.org> wrote:
> Source: obs-build
> Version: 20170201-1
> Severity: grave
> Tags: security upstream
> Forwarded: https://bugzilla.novell.com/show_bug.cgi?id=1069904
>
> Hi,
>
> the following vulnerability was published for obs-build.
>
> I noticed the SUSE entry while checking for another issue for osc, and
> note I'm completely unfamiliar with obs-build, so if you think this
> needs an update as well for stable and oldstable, contact team@s.d.o
> for double checking. To be on the safe side, chosen severity grave.
>
> CVE-2017-14804[0]:
> build: Exploit extractbuild to write to files in the host system
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2017-14804
>     https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14804
> [1] https://bugzilla.novell.com/show_bug.cgi?id=1069904
>
> Please adjust the affected versions in the BTS as needed.
>
> Regards,
> Salvatore
>

-- 
Héctor Orón Martínez
Collabora Ltd
The Platinum Building
St John's Innovation Park, Cambridge CB4 0DS, United Kingdom
Telephone: +44 (0)1223 362967
Fax: +44 (0) 1223 351966
------------------------------------
Visit Collabora on the Web at https://www.collabora.com/
Follow Collabora on Twitter https://twitter.com/collabora
------------------------------------