[Python-modules-team] Bug#933921: src:python-tablib: Unsafe use of yaml.load()
Thomas Goirand
zigo at debian.org
Mon Aug 5 10:56:20 BST 2019
On 8/5/19 7:35 AM, Scott Kitterman wrote:
> Package: src:python-tablib
> Version: 0.12.1-2
> Severity: grave
> Tags: security
> Justification: user security hole
>
> The new version of pyyaml no longer allows use of yaml.load() without a
> loader being specifed. This raises a deprecation warning which has
> caused and autopkgtest failure on this package. These are generally
> trivial to fix, see the upstream guidance [1].
>
> Scott K
>
> [1] https://github.com/yaml/pyyaml/wiki/PyYAML-yaml.load(input)-Deprecation
>
>
Hi,
FYI, I have just filed a removal bug for this one, as it's not used by
any OpenStack things anymore.
Cheers,
Thomas Goirand (zigo)
More information about the Python-modules-team
mailing list