[Pkg-puppet-devel] Bug#712765: ITP: ruby-safe-yaml -- Safe implementation of YAML.load
Stig Sandbeck Mathisen
ssm at redpill-linpro.com
Wed Jun 19 09:53:55 UTC 2013
Package: wnpp
Severity: wishlist
Owner: Stig Sandbeck Mathisen <ssm at debian.org>
* Package name : ruby-safe-yaml
Version : 0.9.2
Upstream Author : Dan Tao <daniel.tao at gmail.com>
* URL : https://github.com/dtao/safe_yaml
* License : MIT
Programming Lang: Ruby
Description : Safe implementation of YAML.load
The SafeYAML gem provides an alternative implementation of YAML.load suitable
for accepting user input in Ruby applications. Unlike Ruby's built-in
implementation of YAML.load, SafeYAML's version will not expose apps to
arbitrary code execution exploits.
(The safe_yaml gem was vendored into puppet to fix a recent vulnerability. The
packaging of this gem should help this situation.)
More information about the Pkg-puppet-devel
mailing list