Source: open-build-service
Followup-For: Bug #903797
I checked 2.7 branch on upstream git. There was a merge for fixing
"Handle links properly when doing backend build operations". Do not
seems upstream also applied CVE-2018-7689 fix for 2.7.4.
https://github.com/openSUSE/open-build-service/commits/2.7
I probably the best way to check this is setup an OBS instence and
following the exploit to do a test. And may also useful to test if we
have to backport the patch from 2.9 to 2.7.4.
Best regards,
-Andrew
