Mailinglist Archive: opensuse-buildservice (137 mails)

< Previous Next >
Re: [opensuse-buildservice] OBS 2.1.15 released, fixing security issue

but now bs_srcserver is broken.
Global symbol "$cicount" requires explicit package name at /usr/lib/obs/server//bs_srcserver line 1308.

line 1308: die("illegal cicount\n") unless $cicount eq 'copy' || $cicount eq 'add' || $cicount eq 'local';

$cicount is used here without initialisation :(
initialisation is made some lines later.

line 1348: my $cicount = $l->{'cicount'} || 'add';

so where does it come from ?


Am 02.12.2011 13:03, schrieb Adrian Schröter:
We did another 2.1 OBS release, fixing a security issue tracked
as issue CVE-2011-4181.

OBS 2.1 versions are affected when "sourceaccess" protection is
used on package base (not entire projects). The access to package
source was possible nevertheless.

OBS 2.0 and before is not affected.

OBS 2.1.15 can be found in openSUSE:Tools:2.1 project:

and is tagged in git.


- Please do not 'CC' me on list mails.
Just reply to the list :)
Der ultimative shop für Sportbekleidung und Zubehör

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups