[Pkg-puppet-devel] Wheezy update of puppet?

[Paul Wise]

On Wed, May 24, 2017 at 5:51 PM, Apollon Oikonomopoulos wrote:

> So, from my understanding the version in Wheezy cannot be fixed: the 2.7
> agents only use YAML to send out facts and upstream's fix is to simply
> not accept anything other than PSON. Whitelisting YAML defeats the
> purpose, as it's YAML's deserialization of untrusted data that leads to
> remote code execution.

In Python/Perl YAML libraries there are ways to safely load YAML
files, does Ruby not have the same possibilities?

-- 
bye,
pabs

https://wiki.debian.org/PaulWise