On Thu, Apr 15, 2021 at 11:38:15AM +0200, Vitaly Zaitsev via devel wrote: > On 15.04.2021 07:22, Pavel Zhukov wrote: > > There is (was?) bug in pagure which allows any Fedora package to > > orphan any package in the distribution. > > Yes. This is not a bug, this is a critical vulnerability. It must be fixed > ASAP. > > Reported 1 month ago and still not fixed.
No. It was reported a month ago and fixed days later. I'm sorry it wasn't announced, but I think there was some followup (we wanted to make sure we handled it all). I'll go look and see. kevin
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
