A new CVE for Koji will become public soon. We will announce the details on Thursday, February 21 around 14:00 UTC. The announcement will go to the koji-devel and oss-security mailing lists:
https://lists.fedorahosted.org/archives/list/koji-devel@lists.fedorahosted.o...
koji-devel@lists.stg.fedorahosted.org