Information on source package open-build-service

Available versions

ReleaseVersion
stretch2.7.1-10
stretch (security)2.7.1-10+deb9u1
sid2.9.4-3

Open issues

BugstretchsidDescription
CVE-2020-8031vulnerable (no DSA, postponed)vulnerableA Improper Neutralization of Input During Web Page Generation ('Cross- ...
CVE-2020-8021fixedvulnerablea Improper Access Control vulnerability in of Open Build Service allow ...
CVE-2020-8020fixedvulnerableA Improper Neutralization of Input During Web Page Generation vulnerab ...
CVE-2018-12479vulnerable (no DSA)fixedA Improper Input Validation vulnerability in Open Build Service allows ...
CVE-2018-12467vulnerable (no DSA)fixedAuthorized users of the openbuildservice before 2.9.4 could delete pac ...
CVE-2018-12466vulnerable (no DSA)vulnerableopenSUSE openbuildservice before 9.2.4 allowed authenticated users to ...
CVE-2018-7689vulnerable (no DSA)fixedLack of permission checks in the InitializeDevelPackage function in op ...
CVE-2018-7688vulnerable (no DSA)fixedA missing permission check in the review handling of openSUSE Open Bui ...
CVE-2017-9268vulnerable (no DSA)vulnerableIn the open build service before 201707022 the wipetrigger and rebuild ...
CVE-2017-5188vulnerable (no DSA)fixedThe bs_worker code in open build service before 20170320 followed rela ...

Resolved issues

BugDescription
CVE-2015-0796In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before ...
CVE-2014-0594In the Open Build Service (OBS) before version 2.4.6 the CSRF protecti ...
CVE-2011-4183A vulnerability in open build service allows remote attackers to uploa ...
CVE-2011-4181A vulnerability in open build service allows remote attackers to gain ...
CVE-2011-3178In the web ui of the openbuildservice before 2.3.0 a code injection of ...
CVE-2011-0469Code injection in openSUSE when running some source services used in t ...
CVE-2010-3782obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...

Security announcements

DSA / DLADescription
DLA-2545-1open-build-service - security update

Search for package or bug name: Reporting problems