[Secure-testing-team] Bug#771366: libyaml: CVE-2014-9130: Wrapped strings cause assert failure
Salvatore Bonaccorso
carnil at debian.org
Fri Nov 28 20:22:24 UTC 2014
Source: libyaml
Version: 0.1.4-2
Severity: important
Tags: security upstream patch
Hi,
An assert is triggered by wrapped strings, see [1,2,3]. Proposed commit
in [4] comments out the assertion and lets the parser fail.
CVE-2014-9130 was assigned for this reachable assertion in scanner.c.
[1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2] http://www.openwall.com/lists/oss-security/2014/11/28/1
[3] https://security-tracker.debian.org/CVE-2014-9130
[4] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a
Regards,
Salvatore