[Python-modules-commits] r31566 - in packages/pyyaml/trunk/debian (3 files)

kitterman at users.alioth.debian.org kitterman at users.alioth.debian.org
Fri Dec 12 14:06:30 UTC 2014


    Date: Friday, December 12, 2014 @ 14:06:29
  Author: kitterman
Revision: 31566

* Backport security fix for Reachable Assertion security issue (potential
  remote DoS) - CVE-2014-9130 (Closes: #772815)
  - Add debian/patches/CVE-2014-9130-invalid-key-assert.diff

Added:
  packages/pyyaml/trunk/debian/patches/CVE-2014-9130-invalid-key-assert.diff
Modified:
  packages/pyyaml/trunk/debian/changelog
  packages/pyyaml/trunk/debian/patches/series

Modified: packages/pyyaml/trunk/debian/changelog
===================================================================
--- packages/pyyaml/trunk/debian/changelog	2014-12-12 13:48:46 UTC (rev 31565)
+++ packages/pyyaml/trunk/debian/changelog	2014-12-12 14:06:29 UTC (rev 31566)
@@ -1,3 +1,11 @@
+pyyaml (3.11-2) unstable; urgency=medium
+
+  * Backport security fix for Reachable Assertion security issue (potential
+    remote DoS) - CVE-2014-9130 (Closes: #772815)
+    - Add debian/patches/CVE-2014-9130-invalid-key-assert.diff
+
+ -- Scott Kitterman <scott at kitterman.com>  Fri, 12 Dec 2014 08:35:37 -0500
+
 pyyaml (3.11-1) unstable; urgency=medium
 
   [ Jakub Wilk ]
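Review bot: `urgency=medium` in the new 3.11-2 stanza looks low for an entry that describes itself as a fix for a potential remote DoS; consider `urgency=high` so the fixed package migrates faster. The entry could also say that the fix removes an assertion from the scanner, since the patch file name is the only hint of what changed.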

Added: packages/pyyaml/trunk/debian/patches/CVE-2014-9130-invalid-key-assert.diff
===================================================================
--- packages/pyyaml/trunk/debian/patches/CVE-2014-9130-invalid-key-assert.diff	                        (rev 0)
+++ packages/pyyaml/trunk/debian/patches/CVE-2014-9130-invalid-key-assert.diff	2014-12-12 14:06:29 UTC (rev 31566)
@@ -0,0 +1,35 @@
+# HG changeset patch
+# User Kirill Simonov <xi at resolvent.net>
+# Date 1417197216 21600
+# Node ID ddf211a41bb231c365fece5599b7e484e6dc33fc
+# Parent  263dff6f9664ccdc532283ba5c7b282c0e436a7b
+Removed invalid simple key assertion.
+
+diff --git a/lib/yaml/scanner.py b/lib/yaml/scanner.py
+--- a/lib/yaml/scanner.py
++++ b/lib/yaml/scanner.py
+@@ -297,10 +297,6 @@
+         # Check if a simple key is required at the current position.
+         required = not self.flow_level and self.indent == self.column
+ 
+-        # A simple key is required only if it is the first token in the current
+-        # line. Therefore it is always allowed.
+-        assert self.allow_simple_key or not required
+-
+         # The next token might be a simple key. Let's save it's number and
+         # position.
+         if self.allow_simple_key:
+diff --git a/lib3/yaml/scanner.py b/lib3/yaml/scanner.py
+--- a/lib3/yaml/scanner.py
++++ b/lib3/yaml/scanner.py
+@@ -297,10 +297,6 @@
+         # Check if a simple key is required at the current position.
+         required = not self.flow_level and self.indent == self.column
+ 
+-        # A simple key is required only if it is the first token in the current
+-        # line. Therefore it is always allowed.
+-        assert self.allow_simple_key or not required
+-
+         # The next token might be a simple key. Let's save it's number and
+         # position.
+         if self.allow_simple_key:
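Review bot: No regression test accompanies the removal of `assert self.allow_simple_key or not required` at line 297 of lib/yaml/scanner.py and lib3/yaml/scanner.py, so nothing in the patch shows what the scanner does once `required` is true while `allow_simple_key` is false. With the assert gone, the `if self.allow_simple_key:` guard below silently skips saving the key in that state. Please add a test that feeds the input from #772815 to both the Python 2 and Python 3 trees and checks that it ends in a YAML error or a clean parse, never an AssertionError. The patch file also carries only the HG changeset header; adding DEP-3 fields such as `Origin:` and `Bug-Debian:` (for #772815) would tie it to the upstream commit and the bug named in the changelog.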

Modified: packages/pyyaml/trunk/debian/patches/series
===================================================================
--- packages/pyyaml/trunk/debian/patches/series	2014-12-12 13:48:46 UTC (rev 31565)
+++ packages/pyyaml/trunk/debian/patches/series	2014-12-12 14:06:29 UTC (rev 31566)
@@ -1 +1,2 @@
 size_t_not_int.diff
+CVE-2014-9130-invalid-key-assert.diff



