lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20141229213430.GA7181@pisco.westfalen.local>
Date: Mon, 29 Dec 2014 22:34:30 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3115-1] pyyaml security update

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-3115-1                   security@...ian.org
http://www.debian.org/security/                        Moritz Muehlenhoff
December 29, 2014                      http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : pyyaml
CVE ID         : CVE-2014-9130
Debian Bug     : 772815

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the 
way wrapped strings are parsed in Python-YAML, a YAML parser and emitter 
for Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.

For the stable distribution (wheezy), this problem has been fixed in
version 3.10-4+deb7u1.

For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.11-2.

For the unstable distribution (sid), this problem has been fixed in
version 3.11-2.

We recommend that you upgrade your pyyaml packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJUochoAAoJEBDCk7bDfE42uksP/iffDvE9L3Wm1DcVVgtWmzgK
Piq6PdO3ztbcSW6av53E5MgVDixQgmyqPluWQOU0GGdcbWtpNBbWw7loyLjeu692
d0pVvxtmDQXWaXMcYTMxPnL6mub6HtIUSxeaymiOSeY7kAaV4HOntPQrivMrPM0n
hlmtQsu6whSXP3BqaXffL9mGeIVfmknGnMOdkJq41nrSJIkjN/BN+jBca8BHhizA
J0ntxYu0CZyLUTKyKWhTTmgxRPWTyyr/+s3a7Xrjn6+Wkj8SF7XP+2NLLLDshY/R
tBSfuRmk+tx/249PTXhLEvQvS7mR+FouMfYHsAJjPtIqmxXk6BkRxI3W4I5felP+
ntAGX22o51SAIrm4fQDKlJW5wDowRu1iP7K8uQx2xWhGLo7w3QIreYU1J/ny6Xpe
Ms57exgDHnYrmJs68bdAKRHTyZScr+4s/DapW/awBBLap3uhU3qjMfnyj4XDhC+u
5gkIcok8uBxvkS4Sh1zkykNJL8efEY0CeyzNiAMwkSG3qfC9EgSQFh7M8bNg6Iie
8gnGy4WpqecY2lpE5ZmAThlsFmoWhIhM6AVRqKqcSYI/2P4qs/mhxTeTqphh7+xe
Fz3r2CNAQtF0T2wU66+BVFg+6IYUkyjHg/GdtGAfvR7UVdNN8fwlao8U+bTaEfD+
EQoTq8Ql4+hnEJR+Sk1r
=Usft
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ