DSA-4234 lava-server – security update
Two vulnerabilities were discovered in LAVA, a continuous integrationsystem for deploying operating systems for running tests, which couldresult in information disclosure of files readable by the lavaserversystem user or the execution of arbitrary code via a XMLRPC call.
More info:
https://www.debian.org/security/2018/dsa-4234