[Pkg-salt-team] Bug#933922: src:salt: Unsafe use of yaml.load()
Scott Kitterman
debian at kitterman.com
Mon Aug 5 06:41:50 BST 2019
Package: src:salt
Version: 2018.3.4+dfsg1-6
Severity: grave
Tags: security
Justification: user security hole
The new version of pyyaml no longer allows use of yaml.load() without a
loader being specifed. This raises a deprecation warning which has
caused and autopkgtest failure on this package. These are generally
trivial to fix, see the upstream guidance [1].
Scott K
[1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
More information about the pkg-salt-team
mailing list