Your message dated Sun, 14 Dec 2014 13:34:15 +0000
with message-id <[email protected]>
and subject line Bug#771365: fixed in libyaml-libyaml-perl 0.33-1+squeeze4
has caused the Debian Bug report #771365,
regarding libyaml-libyaml-perl: CVE-2014-9130: Wrapped strings cause assert
failure
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
771365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libyaml-libyaml-perl
Version: 0.38-3
Severity: important
Tags: security upstream fixed-upstream
Hi
An assert is triggered by wrapped strings, see [1,2]. The patch
applied to the new upstream version was to comment out the assertion
and let the parser fail.
[1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2] http://www.openwall.com/lists/oss-security/2014/11/28/1
[3] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libyaml-libyaml-perl
Source-Version: 0.33-1+squeeze4
We believe that the bug you reported is fixed in the latest version of
libyaml-libyaml-perl, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Thorsten Alteholz <[email protected]> (supplier of updated
libyaml-libyaml-perl package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 14 Dec 2014 14:05:24 +0100
Source: libyaml-libyaml-perl
Binary: libyaml-libyaml-perl
Architecture: source i386
Version: 0.33-1+squeeze4
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Thorsten Alteholz <[email protected]>
Description:
 libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation
Closes: 771365
Changes:
 libyaml-libyaml-perl (0.33-1+squeeze4) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Add CVE-2014-9130.patch patch.
     Fix CVE-2014-9130: assertion failure caused by wrapped strings.
     (Closes: #771365)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---