<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">

<html lang="en">

<head>

<meta content="text/html; charset=US-ASCII" http-equiv="Content-Type">

<title>

GitLab

</title>

<style>img {

max-width: 100%; height: auto;

}

</style>

</head>

<body>

<div class="content">

<h3>

Emilio Pozuelo Monfort pushed to branch master

at <a href="https://salsa.debian.org/security-tracker-team/security-tracker">Debian Security Tracker / security-tracker</a>

</h3>

<h4>

Commits:

</h4>

<ul>

<li>

<strong><a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d9c23a9253a598e6467960ed578def2a8d4db4">37d9c23a</a></strong>

<div>

<span>by Emilio Pozuelo Monfort</span>

<i>at 2020-03-03T12:54:14+01:00</i>

</div>

<pre class="commit-message" style="white-space: pre-wrap; margin: 0;">CVE-2020-1747/pyyaml: mark as n/a on buster and older

These versions don't have FullLoader, only SafeLoader and Loader.

Loader is thus an unsafe one, and shouldn't be trusted to load

untrusted content, thus it doesn't need to be fixed and could break

programs that make use of it to load trusted yaml with special methods.

</pre>

</li>

</ul>

<h4>1 changed file:</h4>

<ul>

<li class="file-stats">

<a href="#4716ef5aa8f2742228ba3b3633215c8b808565e3">

data/CVE/list

</a>

</li>

</ul>

<h4>Changes:</h4>

<li id="4716ef5aa8f2742228ba3b3633215c8b808565e3">

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d9c23a9253a598e6467960ed578def2a8d4db4#4716ef5aa8f2742228ba3b3633215c8b808565e3"><strong>data/CVE/list</strong></a>

<hr>

No preview for this file type

<br>

</li>

</div>

<div class="footer" style="margin-top: 10px;">

<p style="font-size: small; color: #777;">

—

<br>

<a href="https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d9c23a9253a598e6467960ed578def2a8d4db4">View it on GitLab</a>.

<br>

You're receiving this email because of your account on salsa.debian.org.

If you'd like to receive fewer emails, you can

adjust your notification settings.

<script type="application/ld+json">{"@context":"http://schema.org","@type":"EmailMessage","action":{"@type":"ViewAction","name":"View Commit","url":"https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/37d9c23a9253a598e6467960ed578def2a8d4db4"}}</script>

</p>

</div>

</body>

</html>