Your message dated Sat, 03 Jan 2015 17:03:34 +0000
with message-id <e1y7s6w-0004jj...@franck.debian.org>
and subject line Bug#772815: fixed in pyyaml 3.09-5+deb6u1
has caused the Debian Bug report #772815,
regarding pyyaml: CVE-2014-9130
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
772815: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=772815
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pyyaml
Severity: grave
Tags: security

Hi,
CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
reproducer.

Cheers,
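        Moritz

import yaml
import codecs

with codecs.open('CVE-2014-9130.yaml', 'r') as stream:
	# On an affected pyyaml the assert failure happens inside yaml.load(),
	# so the loop below is never reached.
	foo = yaml.load(stream)
	for key, value in foo.items():
		setattr(self, key, value)

abc: 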
   def: 'xxx
'  ghi: 'yyy'

--- End Message ---
--- Begin Message ---
Source: pyyaml
Source-Version: 3.09-5+deb6u1

We believe that the bug you reported is fixed in the latest version of
pyyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 772...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Thorsten Alteholz <deb...@alteholz.de> (supplier of updated pyyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


Format: 1.8
Date: Sat, 03 Jan 2015 16:00:21 +0100
Source: pyyaml
Binary: python-yaml python-yaml-dbg python3-yaml python3-yaml-dbg
Architecture: source i386
Version: 3.09-5+deb6u1
Distribution: squeeze-lts
Urgency: high
Maintainer: Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>
Changed-By: Thorsten Alteholz <deb...@alteholz.de>
Description: 
 python-yaml - YAML parser and emitter for Python
 python-yaml-dbg - YAML parser and emitter for Python
 python3-yaml - YAML parser and emitter for Python3
 python3-yaml-dbg - YAML parser and emitter for Python3
Closes: 772815
Changes: 
 pyyaml (3.09-5+deb6u1) squeeze-lts; urgency=high
 .
   * Non-maintainer upload by the Squeeze LTS Team.
   * Add CVE-2014-9130.patch.
     CVE-2014-9130: assert failure when processing wrapped strings.
     (Closes: #772815)

--- End Message ---
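A regression check for the reproducer in the bug report above, added here as an example (not code from the report, from Debian or from pyyaml): it parses the reported document in a child process and classifies the outcome, so an assert failure cannot take down the caller. The names `classify` and `probe` and the child's exit codes are assumptions of this example, and it calls `yaml.safe_load`, which uses the same pure-Python scanner as the report's `yaml.load`.

```python
import subprocess
import sys

# The document attached to the bug report, embedded so the check runs offline.
REPRODUCER = "abc: \n   def: 'xxx\n'  ghi: 'yyy'\n"

# Child program (exit codes are this example's own convention):
#   0 = document loaded, 3 = parser raised YAMLError, 4 = yaml not installed.
CHILD = r"""
import sys
try:
    import yaml
except ImportError:
    sys.exit(4)
try:
    yaml.safe_load(sys.stdin.read())
except yaml.YAMLError:
    sys.exit(3)
"""


def classify(returncode, stderr):
    """Turn the child's exit status and stderr into a verdict string."""
    if returncode == 4:
        return "no-yaml-module"
    if returncode == 3:
        return "rejected-cleanly"      # input refused with a normal parse error
    if returncode == 0:
        return "parsed"                # document loaded without error
    if returncode < 0 or "AssertionError" in stderr:
        return "assert-failure"        # the symptom described for CVE-2014-9130
    return "other-error"


def probe(document=REPRODUCER, timeout=10):
    """Parse `document` in a separate interpreter and classify what happened."""
    proc = subprocess.run(
        [sys.executable, "-c", CHILD],
        input=document, capture_output=True, text=True, timeout=timeout,
    )
    return classify(proc.returncode, proc.stderr)


if __name__ == "__main__":
    print(probe())
```

A verdict of `assert-failure` means the installed pyyaml still needs the update; `rejected-cleanly` is the result to expect once the parser refuses the document with an ordinary `YAMLError`.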
_______________________________________________
Python-modules-team mailing list
Python-modules-team@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/python-modules-team
