[Pkg-linaro-lava-devel] Bug#933919: src:lavacli: Unsafe use of yaml.load()

Steve McIntyre steve at einval.com
Mon Sep 2 15:11:50 BST 2019

On Mon, Aug 05, 2019 at 01:31:12AM -0400, Scott Kitterman wrote:
>Package: src:lavacli
>Version: 0.9.7-1
>Severity: grave
>Tags: security
>Justification: user security hole
>The new version of pyyaml no longer allows use of yaml.load() without a
>loader being specifed.  This raises a deprecation warning which has
>caused and autopkgtest failure on this package.  These are generally
>trivial to fix, see the upstream guidance [1].
>Scott K

ACK, fix coming shortly upstream.

Steve McIntyre, Cambridge, UK.                                steve at einval.com
  Getting a SCSI chain working is perfectly simple if you remember that there
  must be exactly three terminations: one on one end of the cable, one on the
  far end, and the goat, terminated over the SCSI chain with a silver-handled
  knife whilst burning *black* candles. --- Anthony DeBoer

More information about the Pkg-linaro-lava-devel mailing list