On Thu, Feb 09, 2023 at 09:59:57PM +0100, Paul Gevers wrote:
> Control: reassign -1 debci-collector
> Control: retitle -1 missing filename sanitizing
>
> Hi Jonas,
>
> On 08-02-2023 21:20, Paul Gevers wrote:
> > So it's either the timing was extremely unfortunate and your package hit
> > something unknown on our infrastructure, or it's actually the package
> > that's causing issues on our infrastructure.
>
> We have tracked down the issue and it turns out that this:
>
> -ureq-2:gzip PASS
> triggers a bug in debci. The testname is used for filenames and the hyphen
> is interpreted as an option to tar, triggering:
> tar: You may not specify more than one '-Acdtrux', '--delete' or
> '--test-label' option
>
> We're working on a fix.
>
> @terceiro: thinking of it, should we request a CVE for this?

Do you think we have enough users of debci to justify this? (as in people
who are actually running their own debci service).
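The failure described in the quoted report, next to two standard ways of keeping a file name from being parsed as a tar option, as an added example that is not part of the original message and is not debci's code. The function names are hypothetical and the files are constructed in a temporary directory.

```shell
#!/bin/sh
# Added example (not debci code). All function names are hypothetical.

# Turn a test name into an argument tar will always treat as a file name.
# Rejects names that are empty, contain '/', or are '.' or '..'.
safe_member() {
    case $1 in
        ''|*/*|.|..) return 1 ;;
        -*) printf './%s\n' "$1" ;;   # "./-x" can never parse as an option
        *)  printf '%s\n' "$1" ;;
    esac
}

# archive_members DIR ARCHIVE NAME...
# "--" ends option parsing; the "./" prefix also covers tools that ignore "--".
archive_members() {
    dir=$1 archive=$2
    shift 2
    for name in "$@"; do
        shift
        safe=$(safe_member "$name") || return 1
        set -- "$@" "$safe"
    done
    tar -C "$dir" -cf "$archive" -- "$@"
}

# The pattern behind the bug: the name lands where tar still expects options.
unsafe_archive_members() {
    dir=$1 archive=$2
    shift 2
    tar -C "$dir" -cf "$archive" "$@" 2>/dev/null
}

# Constructed sample: a result file named like the test in the report.
demo_leading_hyphen() {
    tmp=$(mktemp -d) || return 1
    : > "$tmp/-ureq-2:gzip"
    : > "$tmp/plain-test"
    if unsafe_archive_members "$tmp" "$tmp/unsafe.tar" "-ureq-2:gzip"; then
        rm -rf "$tmp"; return 1       # tar was expected to reject this call
    fi
    archive_members "$tmp" "$tmp/safe.tar" "-ureq-2:gzip" plain-test || { rm -rf "$tmp"; return 1; }
    listing=$(tar -tf "$tmp/safe.tar")
    rm -rf "$tmp"
    printf '%s\n' "$listing"
}

demo_leading_hyphen
```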