Source: yaml-cpp
Version: 0.6.2-4
Severity: important
Tags: security upstream
Forwarded: https://github.com/jbeder/yaml-cpp/issues/657

Hi,

The following vulnerability was published for yaml-cpp.

CVE-2019-6292[0]:
| An issue was discovered in singledocparser.cpp in yaml-cpp (aka
| LibYaml-C++) 0.6.2. Stack Exhaustion occurs in YAML::SingleDocParser,
| and there is a stack consumption problem caused by recursive stack
| frames: HandleCompactMap, HandleMap, HandleFlowSequence,
| HandleSequence, HandleNode. Remote attackers could leverage this
| vulnerability to cause a denial-of-service via a cpp file.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-6292
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6292
[1] https://github.com/jbeder/yaml-cpp/issues/657

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
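
An added example, not part of the report and not yaml-cpp code: a recursive-descent parser of the kind the CVE text describes can fail with an error instead of exhausting the stack by counting nesting depth and checking it before each recursive call. The grammar here is a small flow-sequence subset, and Parser, count_scalars and max_depth are hypothetical names chosen for illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <string>

// Added illustration (hypothetical names, not yaml-cpp code).
// Grammar subset: node := scalar | '[' [ node { ',' node } ] ']'
struct Parser {
    std::string in;
    std::size_t max_depth, pos = 0, depth = 0;
    Parser(const std::string& s, std::size_t m) : in(s), max_depth(m) {}
    void skip_ws() { while (pos < in.size() && in[pos] == ' ') ++pos; }

    std::size_t node() {  // returns the number of scalars under this node
        skip_ws();
        if (pos < in.size() && in[pos] == '[') {
            // Check before recursing: fail with an error instead of growing the stack.
            if (depth == max_depth) throw std::length_error("nesting too deep");
            ++depth;
            std::size_t n = sequence();
            --depth;
            return n;
        }
        std::size_t start = pos;
        while (pos < in.size() && in[pos] != ',' && in[pos] != ']' && in[pos] != '[') ++pos;
        if (pos == start) throw std::runtime_error("expected scalar");
        return 1;
    }
    std::size_t sequence() {
        ++pos;  // consume '['
        std::size_t n = 0;
        skip_ws();
        if (pos < in.size() && in[pos] == ']') { ++pos; return 0; }
        for (;;) {
            n += node();  // mutual recursion: node -> sequence -> node
            skip_ws();
            if (pos >= in.size()) throw std::runtime_error("unterminated sequence");
            if (in[pos] == ']') { ++pos; return n; }
            if (in[pos] != ',') throw std::runtime_error("expected ',' or ']'");
            ++pos;
        }
    }
};

// Parses one document; throws std::length_error once nesting exceeds max_depth.
std::size_t count_scalars(const std::string& text, std::size_t max_depth) {
    Parser p(text, max_depth);
    std::size_t n = p.node();
    p.skip_ws();
    if (p.pos != p.in.size()) throw std::runtime_error("trailing input");
    return n;
}
```

The limit bounds stack use per document regardless of input size, so the caller gets a catchable parse error rather than a process crash.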