[Git][java-team/snakeyaml][master] 4 commits: Declare compliance with Debian Policy 4.6.2.

Markus Koschany (@apo) gitlab at salsa.debian.org
Sun Feb 19 15:38:36 GMT 2023



Markus Koschany pushed to branch master at Debian Java Maintainers / snakeyaml


Commits:
1d96a3cc by Markus Koschany at 2023-02-19T16:13:26+01:00
Declare compliance with Debian Policy 4.6.2.

- - - - -
450443fb by Markus Koschany at 2023-02-19T16:23:55+01:00
Add README.Debian.security and explain that snakeyaml is not designed to
process YAML input from untrusted sources.

Closes: #1030046

- - - - -
e7e04a3c by Markus Koschany at 2023-02-19T16:29:14+01:00
Update changelog

- - - - -
e96fde00 by Markus Koschany at 2023-02-19T16:34:46+01:00
Use libyaml-snake-java.docs to install README.Debian.security

- - - - -


4 changed files:

- + debian/README.Debian.security
- debian/changelog
- debian/control
- + debian/libyaml-snake-java.docs


Changes:

=====================================
debian/README.Debian.security
=====================================
@@ -0,0 +1,5 @@
+Note that snakeyaml isn't designed to operate on YAML data coming from untrusted
+sources, in such cases you need to apply sanitising/exception handling yourself.
+
+Please see https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md
+for additional information.
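
Review bot: The first two added lines tell users to "apply sanitising/exception handling yourself" without naming any concrete precaution, so all actionable guidance sits behind the external wiki URL. Suggest adding a sentence or two that summarises what that page recommends, so the note stays useful if the link moves. The comma splice in "untrusted sources, in such cases" would also read better as two sentences.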


=====================================
debian/changelog
=====================================
@@ -1,3 +1,12 @@
+snakeyaml (1.33-2) unstable; urgency=medium
+
+  * Team upload.
+  * Declare compliance with Debian Policy 4.6.2.
+  * Add README.Debian.security and explain that snakeyaml is not designed to
+    process YAML input from untrusted sources. (Closes: #1030046)
+
+ -- Markus Koschany <apo at debian.org>  Sun, 19 Feb 2023 16:28:46 +0100
+
 snakeyaml (1.33-1) unstable; urgency=medium
 
   * Team upload.
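
Review bot: The "Add README.Debian.security" bullet does not say where the file ends up for users. Since it is installed through debian/libyaml-snake-java.docs, consider naming the libyaml-snake-java package in the entry so that someone reading the changelog knows where to find the note.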


=====================================
debian/control
=====================================
@@ -24,7 +24,7 @@ Build-Depends:
  , libsurefire-java
  , maven-debian-helper (>= 1.6.5)
  , velocity
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
 Vcs-Git: https://salsa.debian.org/java-team/snakeyaml.git
 Vcs-Browser: https://salsa.debian.org/java-team/snakeyaml
 Homepage: https://bitbucket.org/snakeyaml/snakeyaml


=====================================
debian/libyaml-snake-java.docs
=====================================
@@ -0,0 +1 @@
+debian/README.Debian.security



View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/29e65095278d192494af0a5caa03cfed861c3ad2...e96fde00c1da3ef544c5a43513bd340adf017856
