[Secure-testing-team] Bug#771366: libyaml: CVE-2014-9130: Wrapped strings cause assert failure
Anders Kaseorg
andersk at mit.edu
Sat Nov 29 02:19:23 UTC 2014
On Fri, 28 Nov 2014, Salvatore Bonaccorso wrote:
> An assert is triggered by wrapped strings, see [1,2,3]. Proposed commit
> in [4] comments out the assertion and lets the parser fail. CVE-2014-9130
> was assigned for this reachable assertion in scanner.c.
>
> [1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
> [2] http://www.openwall.com/lists/oss-security/2014/11/28/1
> [3] https://security-tracker.debian.org/CVE-2014-9130
> [4] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a

Note that GitHub is not upstream for libyaml; this GitHub repo is just a
mirror[1] of the upstream Mercurial repo. The upstream fix simply deletes
the offending assert() rather than commenting it:

https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2

I’ll upload this to unstable shortly.

Anders

[1] And a poorly-maintained one at that; the parent commit is just
labelled “Sync to head of https://bitbucket.org/xi/libyaml”, discarding
all the history between those points.