[Git][java-team/snakeyaml][bullseye] 2 commits: Install README.Debian.security and explain that snakeyaml
Markus Koschany (@apo)
gitlab at salsa.debian.org
Fri Feb 24 21:46:01 GMT 2023
Markus Koschany pushed to branch bullseye at Debian Java Maintainers / snakeyaml
Commits:
fbec2170 by Markus Koschany at 2023-02-24T22:21:51+01:00
Install README.Debian.security and explain that snakeyaml
is not designed to process YAML input from untrusted sources.
- - - - -
941773c6 by Markus Koschany at 2023-02-24T22:22:44+01:00
Update changelog
- - - - -
3 changed files:
- + debian/README.Debian.security
- debian/changelog
- + debian/libyaml-snake-java.docs
Changes:
=====================================
debian/README.Debian.security
=====================================
@@ -0,0 +1,5 @@
+Note that snakeyaml isn't designed to operate on YAML data coming from untrusted
+sources, in such cases you need to apply sanitising/exception handling yourself.
+
+Please see https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md
+for additional information.
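Review bot: the second added line, "in such cases you need to apply sanitising/exception handling yourself", gives the reader nothing actionable: it does not say what input to sanitise or which exceptions to expect, and all detail sits behind an external wiki URL that may move or be unreachable from an offline system. Consider summarising the relevant guidance in the file itself and keeping the link as a further reference. Minor style point: "untrusted sources, in such cases" is a comma splice; a full stop or semicolon would read better.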
=====================================
debian/changelog
=====================================
@@ -1,3 +1,11 @@
+snakeyaml (1.28-1+deb11u2) bullseye; urgency=medium
+
+ * Team upload.
+ * Install README.Debian.security and explain that snakeyaml
+ is not designed to process YAML input from untrusted sources.
+
+ -- Markus Koschany <apo at debian.org> Fri, 24 Feb 2023 22:22:25 +0100
+
snakeyaml (1.28-1+deb11u1) bullseye; urgency=medium
* Team upload.
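Review bot: the new 1.28-1+deb11u2 entry carries no Closes: tag and no CVE reference, so a reader of the changelog cannot tell which reports are being documented as out of scope rather than fixed. Consider naming the relevant bug numbers or CVE ids in the entry, and stating explicitly that this upload only adds documentation (the three changed files are the README, the changelog and the .docs list).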
=====================================
debian/libyaml-snake-java.docs
=====================================
@@ -0,0 +1 @@
+debian/README.Debian.security
View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/bb9c104cc439e22651cb794ea35bae653085cbd8...941773c65fe886a76e49146f46f23312f721a999