[Python-modules-team] Bug#772815: Bug#772815: pyyaml: CVE-2014-9130
Scott Kitterman
sklist at kitterman.com
Thu Dec 11 12:09:11 UTC 2014
On December 11, 2014 6:37:51 AM EST, Moritz Muehlenhoff <jmm at inutil.org> wrote:
>Package: pyyaml
>Severity: grave
>Tags: security
>
>Hi,
>CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
>reproducer.
I'm away from any computer I could test this on today.
Is this still a problem with a fixed libyaml? Our pyyaml is built against it and I thought didn't use the internal parser.
Scott K
More information about the Python-modules-team
mailing list