[Pkg-linaro-lava-devel] Bug#933918: src:lava: Unsafe use of yaml.load()
Steve McIntyre
steve at einval.com
Mon Sep 2 15:11:05 BST 2019
On Mon, Aug 05, 2019 at 01:28:40AM -0400, Scott Kitterman wrote:
>Package: src:lava
>Version: 2019.01-5
>Severity: grave
>Tags: security
>Justification: user security hole
>
>The new version of pyyaml no longer allows use of yaml.load() without a
>loader being specifed. This raises a deprecation warning which has
>caused and autopkgtest failure on this package. These are generally
>trivial to fix, see the upstream guidance [1].
>
>Scott K
>
>[1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
ACK. Fix coming shortly upstream...
--
Steve McIntyre, Cambridge, UK. steve at einval.com
Who needs computer imagery when you've got Brian Blessed?
More information about the Pkg-linaro-lava-devel
mailing list