A new CVE for Koji will become public soon. We will announce the details on Thursday, February 21 around 14:00 UTC. The announcement will go to the koji-devel and oss-security mailing lists:


https://lists.fedorahosted.org/archives/list/koji-devel@lists.fedorahosted.org/

http://www.openwall.com/lists/oss-security/