26 lines
527 B
ReStructuredText
26 lines
527 B
ReStructuredText
================
|
|
CVE-2017-1002153
|
|
================
|
|
|
|
Koji 1.13.0 does not properly validate SCM paths.
|
|
|
|
|
|
Summary
|
|
-------
|
|
|
|
Koji 1.13.0 does not properly validate SCM paths, allowing an attacker to work around blacklisted paths for build submission.
|
|
|
|
|
|
Bug fix
|
|
-------
|
|
|
|
Koji versions 1.14.0 and forward contain the fix.
|
|
|
|
This bug was tracked as `issue#563 <https://pagure.io/koji/issue/563>`_
|
|
|
|
Links
|
|
-----
|
|
|
|
Fixed versions can be found at our releases page:
|
|
|
|
`https://pagure.io/koji/releases <https://pagure.io/koji/releases>`_
|