[Pkg-linaro-lava-devel] Bug#933919: src:lavacli: Unsafe use of yaml.load()
Remi Duraffort remi.duraffort at linaro.org
Wed Sep 18 11:06:45 BST 2019

On Mon, 05 Aug 2019 01:31:12 -0400 Scott Kitterman <debian at kitterman.com>
wrote:
> Package: src:lavacli
> Version: 0.9.7-1
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The new version of pyyaml no longer allows use of yaml.load() without a
> loader being specified.  This raises a deprecation warning which has
> caused an autopkgtest failure on this package.  These are generally
> trivial to fix, see the upstream guidance [1].
>
> Scott K
>
> [1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
>
>
Hello,
this should be already fixed in the version you are mentioning (v0.9.7).
I looked at the code again and can't find any places where yaml.load is
used without a loader.
Could you point me at the CI job that is raising this warning?
Thanks
-- 
Rémi Duraffort
    
    