Your message dated Sat, 29 Nov 2014 07:48:48 +0000
with message-id <[email protected]>
and subject line Bug#771365: fixed in libyaml-libyaml-perl 0.41-6
has caused the Debian Bug report #771365,
regarding libyaml-libyaml-perl: CVE-2014-9130: Wrapped strings cause assert
failure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
771365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libyaml-libyaml-perl
Version: 0.38-3
Severity: important
Tags: security upstream fixed-upstream
Hi
An assert is triggered by wrapped strings, see [1,2]. The patch
applied to the new upstream version was to comment out the assertion
and let the parser fail.
[1]
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2] http://www.openwall.com/lists/oss-security/2014/11/28/1
[3]
https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libyaml-libyaml-perl
Source-Version: 0.41-6
We believe that the bug you reported is fixed in the latest version of
libyaml-libyaml-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libyaml-libyaml-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 29 Nov 2014 08:23:09 +0100
Source: libyaml-libyaml-perl
Binary: libyaml-libyaml-perl
Architecture: source amd64
Version: 0.41-6
Distribution: unstable
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation
Closes: 771365
Changes:
libyaml-libyaml-perl (0.41-6) unstable; urgency=high
.
* Team upload.
* Add CVE-2014-9130.patch patch.
Fix CVE-2014-9130: assertion failure caused by wrapped strings.
(Closes: 771365)
Checksums-Sha1:
93f646e1ec8ba121e0922a8b2665b58ba9a4f121 2172 libyaml-libyaml-perl_0.41-6.dsc
bb25fe229a24975c1830e23d289d911ceb5ac3ad 6624
libyaml-libyaml-perl_0.41-6.debian.tar.xz
Checksums-Sha256:
19e515e5f15e7480aa14461129117ba059a6e6a249a28c530086f8bf43e18e57 2172
libyaml-libyaml-perl_0.41-6.dsc
75bb9f7ec0fb9c4c761cb8df3eaf21a6a06697ee3f8a3ed5251a6a81cb3f3634 6624
libyaml-libyaml-perl_0.41-6.debian.tar.xz
Files:
fa656d63cea5f8790cc2e2ce9a06557f 2172 perl optional
libyaml-libyaml-perl_0.41-6.dsc
b275bee8588eba57849da535fbc5a50d 6624 perl optional
libyaml-libyaml-perl_0.41-6.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJUeXjUAAoJEAVMuPMTQ89EKCgP/jQ9i6zVODQcUh5nMa7xtn1I
3YhefJAjTzuQfbvc2SH/YUO6FW8axzYdlUDdEpWmeCNCx5ZYcoqU4Z9lHnCwmbU1
K8td3A3qr3hOA7wJgbV+VFo+fFGUPO9cddilUyc/7lsEWPhX0SC5gRk8H1/Lx2ZJ
NtJJU/cSDTr1aTTsfDN/+wZEt0mx2sOHT49MaTneduPEHvat1UkgHJwxG9bA2/WR
KazLtDgdqh+XWynsZ606NiD0s7V+iKsCllew3Y9OWg3lrulYfFhmF8hL5AeJl7lc
TPd1SjRV2RhXve7/fHRa44LRIS90AU9dAUx685Wp5SNJllqBlYNoUCHmXIAazOki
cwX99PlLQKr2tJF8kZODgBbp8WahmU2BDi+Pdy+GetvWpqHyxGQ5EiO0Y8DBcirn
/wlkUgF1ursshJQ20P1A+CAi9LViPyrrxmGd02WmkAxNiR7ju75uXNsgOJ+Upe6+
l769l+0lM/MK69RanrbJugGa9SOdumiCg7/Phtd7KbPg0L26Pxnqdr7DTqrHhP2f
Dk4C5ZT3nDhWc8c9wfGe94bforu2QIIOGKOE7xSCjr/kDLUHENIaoXGBjLtMMNek
bmbAcQbynwR52/G5nfgal3e6BjH6Lh6Y6aq6ruPK3NZWvmHlAa1CXq8iIbNdhksP
Voteqsm0beRjE41UKUC4
=VKqh
-----END PGP SIGNATURE-----
--- End Message ---
