[Secure-testing-team] Bug#771365: libyaml-libyaml-perl: CVE-2014-9130: Wrapped strings cause assert failure
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 28 20:17:43 UTC 2014
Source: libyaml-libyaml-perl
Version: 0.38-3
Severity: important
Tags: security upstream fixed-upstream
Hi
An assert is triggered by wrapped strings, see [1,2]. The patch
applied to the new upstream version was to comment out the assertion
and let the parser fail.
[1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2] http://www.openwall.com/lists/oss-security/2014/11/28/1
[3] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a
Regards,
Salvatore
More information about the Secure-testing-team
mailing list