[Secure-testing-commits] r30703 - data/CVE
Scott Kitterman
kitterman at moszumanska.debian.org
Fri Dec 12 13:50:47 UTC 2014
Author: kitterman
Date: 2014-12-12 13:50:47 +0000 (Fri, 12 Dec 2014)
New Revision: 30703
Modified:
data/CVE/list
Log:
Add fixed version and upstream commit reference for pyyaml CVE-2014-9130
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2014-12-12 13:31:58 UTC (rev 30702)
+++ data/CVE/list 2014-12-12 13:50:47 UTC (rev 30703)
@@ -887,10 +887,11 @@
CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...)
- libyaml 0.1.6-3 (bug #771366)
- libyaml-libyaml-perl 0.41-6 (bug #771365)
- - pyyaml <unfixed> (bug #772815)
+ - pyyaml 3.11-2 (bug #772815)
NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE
+ NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...)
- mantis <removed>
[squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)
More information about the Secure-testing-commits
mailing list