[Pkg-linaro-lava-devel] Bug#933919: src:lavacli: Unsafe use of yaml.load()

Scott Kitterman debian at kitterman.com
Mon Aug 5 06:31:12 BST 2019

Package: src:lavacli
Version: 0.9.7-1
Severity: grave
Tags: security
Justification: user security hole

The new version of pyyaml no longer allows use of yaml.load() without a
loader being specifed.  This raises a deprecation warning which has
caused and autopkgtest failure on this package.  These are generally
trivial to fix, see the upstream guidance [1].

Scott K

[1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation

More information about the Pkg-linaro-lava-devel mailing list