[Pkg-salt-team] Bug#933922: Bug#933922: src:salt: Unsafe use of yaml.load()
Benjamin Drung
benjamin.drung at cloud.ionos.com
Thu Aug 29 15:26:56 BST 2019
Am Montag, den 05.08.2019, 01:41 -0400 schrieb Scott Kitterman:
> Package: src:salt
> Version: 2018.3.4+dfsg1-6
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The new version of pyyaml no longer allows use of yaml.load() without
> a
> loader being specifed. This raises a deprecation warning which has
> caused and autopkgtest failure on this package. These are generally
> trivial to fix, see the upstream guidance [1].
This was already reported to upstream in
https://github.com/saltstack/salt/issues/39531 and was fixed by pull
request https://github.com/saltstack/salt/pull/40751
I will cherry-pick these changes.
--
Benjamin Drung
System Developer
Debian & Ubuntu Developer
1&1 IONOS Cloud GmbH | Greifswalder Str. 207 | 10405 Berlin | Germany
E-mail: benjamin.drung at cloud.ionos.com | Web: www.ionos.de
Head Office: Berlin, Germany
District Court Berlin Charlottenburg, Registration number: HRB 125506 B
Executive Management: Christoph Steffens, Matthias Steinberg, Achim
Weiss
Member of United Internet
More information about the pkg-salt-team
mailing list