Information on source package open-build-service

Available versions

ReleaseVersion
stretch2.7.1-10+deb9u1
bookworm2.9.4-9
trixie2.9.4-10
sid2.9.4-10

Open issues

BugstretchbookwormtrixiesidDescription
CVE-2020-8031vulnerable (no DSA, postponed)fixedfixedfixedA Improper Neutralization of Input During Web Page Generation ('Cross- ...
CVE-2018-12479vulnerable (no DSA)fixedfixedfixedA Improper Input Validation vulnerability in Open Build Service allows ...
CVE-2018-12467vulnerable (no DSA)fixedfixedfixedAuthorized users of the openbuildservice before 2.9.4 could delete pac ...
CVE-2018-12466vulnerable (no DSA)fixedfixedfixedopenSUSE openbuildservice before 9.2.4 allowed authenticated users to ...
CVE-2018-7689vulnerable (no DSA)fixedfixedfixedLack of permission checks in the InitializeDevelPackage function in op ...
CVE-2018-7688vulnerable (no DSA)fixedfixedfixedA missing permission check in the review handling of openSUSE Open Bui ...
CVE-2017-9268vulnerable (no DSA)fixedfixedfixedIn the open build service before 201707022 the wipetrigger and rebuild ...
CVE-2017-5188vulnerable (no DSA)fixedfixedfixedThe bs_worker code in open build service before 20170320 followed rela ...

Resolved issues

BugDescription
CVE-2020-8021a Improper Access Control vulnerability in of Open Build Service allow ...
CVE-2020-8020A Improper Neutralization of Input During Web Page Generation vulnerab ...
CVE-2015-0796In open buildservice 2.6 before 2.6.3, 2.5 before 2.5.7 and 2.4 before ...
CVE-2014-0594In the Open Build Service (OBS) before version 2.4.6 the CSRF protecti ...
CVE-2011-4183A vulnerability in open build service allows remote attackers to uploa ...
CVE-2011-4181A vulnerability in open build service allows remote attackers to gain ...
CVE-2011-3178In the web ui of the openbuildservice before 2.3.0 a code injection of ...
CVE-2011-0469Code injection in openSUSE when running some source services used in t ...
CVE-2010-3782obs-server before 1.7.7 allows logins by 'unconfirmed' accounts due to ...

Security announcements

DSA / DLADescription
DLA-2545-1open-build-service - security update

Search for package or bug name: Reporting problems