CVE-2017-9274 (v3: 7.8)
1 Mar 2018
A shell command injection in the obs-service-source_validator before 0.7 could be used to execute code as the packager when checking RPM SPEC files with specific macro constructs.