[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20141229213430.GA7181@pisco.westfalen.local>
Date: Mon, 29 Dec 2014 22:34:30 +0100
From: Moritz Muehlenhoff <jmm@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3115-1] pyyaml security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3115-1 security@...ian.org
http://www.debian.org/security/ Moritz Muehlenhoff
December 29, 2014 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : pyyaml
CVE ID : CVE-2014-9130
Debian Bug : 772815
Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in Python-YAML, a YAML parser and emitter
for Python. An attacker able to load specially crafted YAML input into an
application using python-yaml could cause the application to crash.
For the stable distribution (wheezy), this problem has been fixed in
version 3.10-4+deb7u1.
For the upcoming stable distribution (jessie), this problem has been
fixed in version 3.11-2.
For the unstable distribution (sid), this problem has been fixed in
version 3.11-2.
We recommend that you upgrade your pyyaml packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUochoAAoJEBDCk7bDfE42uksP/iffDvE9L3Wm1DcVVgtWmzgK
Piq6PdO3ztbcSW6av53E5MgVDixQgmyqPluWQOU0GGdcbWtpNBbWw7loyLjeu692
d0pVvxtmDQXWaXMcYTMxPnL6mub6HtIUSxeaymiOSeY7kAaV4HOntPQrivMrPM0n
hlmtQsu6whSXP3BqaXffL9mGeIVfmknGnMOdkJq41nrSJIkjN/BN+jBca8BHhizA
J0ntxYu0CZyLUTKyKWhTTmgxRPWTyyr/+s3a7Xrjn6+Wkj8SF7XP+2NLLLDshY/R
tBSfuRmk+tx/249PTXhLEvQvS7mR+FouMfYHsAJjPtIqmxXk6BkRxI3W4I5felP+
ntAGX22o51SAIrm4fQDKlJW5wDowRu1iP7K8uQx2xWhGLo7w3QIreYU1J/ny6Xpe
Ms57exgDHnYrmJs68bdAKRHTyZScr+4s/DapW/awBBLap3uhU3qjMfnyj4XDhC+u
5gkIcok8uBxvkS4Sh1zkykNJL8efEY0CeyzNiAMwkSG3qfC9EgSQFh7M8bNg6Iie
8gnGy4WpqecY2lpE5ZmAThlsFmoWhIhM6AVRqKqcSYI/2P4qs/mhxTeTqphh7+xe
Fz3r2CNAQtF0T2wU66+BVFg+6IYUkyjHg/GdtGAfvR7UVdNN8fwlao8U+bTaEfD+
EQoTq8Ql4+hnEJR+Sk1r
=Usft
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists