Your message dated Sun, 14 Dec 2014 21:17:21 +0000
with message-id <[email protected]>
and subject line Bug#771365: fixed in libyaml-libyaml-perl 0.38-3+deb7u3
has caused the Debian Bug report #771365,
regarding libyaml-libyaml-perl: CVE-2014-9130: Wrapped strings cause assert failure
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
771365: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771365
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: libyaml-libyaml-perl
Version: 0.38-3
Severity: important
Tags: security upstream fixed-upstream
Hi

An assert is triggered by wrapped strings, see [1,2]. The patch
applied to the new upstream version was to comment out the assertion
and let the parser fail.

[1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
[2] http://www.openwall.com/lists/oss-security/2014/11/28/1
[3] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a

Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: libyaml-libyaml-perl
Source-Version: 0.38-3+deb7u3
We believe that the bug you reported is fixed in the latest version of
libyaml-libyaml-perl, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Salvatore Bonaccorso <[email protected]> (supplier of updated
libyaml-libyaml-perl package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 13 Dec 2014 15:13:24 +0100
Source: libyaml-libyaml-perl
Binary: libyaml-libyaml-perl
Architecture: source amd64
Version: 0.38-3+deb7u3
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Perl Group <[email protected]>
Changed-By: Salvatore Bonaccorso <[email protected]>
Description:
 libyaml-libyaml-perl - Perl interface to libyaml, a YAML implementation
Closes: 771365
Changes:
 libyaml-libyaml-perl (0.38-3+deb7u3) wheezy-security; urgency=high
 .
   * Team upload.
   * Add CVE-2014-9130.patch patch.
     Fix CVE-2014-9130: assertion failure caused by wrapped strings.
     (Closes: #771365)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---