*** This bug is a security vulnerability *** Public security bug reported:
https://bugzilla.redhat.com/show_bug.cgi?id=1033990 "A heap-based buffer overflow flaw was found in the way libyaml parsed YAML tags. A remote attacker could provide a specially-crafted YAML document that, when parsed by an application using libyaml, would cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application." Fixed in Debian package 0.1.4-2+deb7u2 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737076 That fix has been merged into Trusty already (0.1.4-3ubuntu1) but no others. ** Affects: libyaml (Ubuntu) Importance: Undecided Status: New ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2013-6393 ** Information type changed from Private Security to Public Security -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libyaml in Ubuntu. https://bugs.launchpad.net/bugs/1276156 Title: CVE-2013-6393 libyaml: heap-based buffer overflow when parsing YAML tags To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libyaml/+bug/1276156/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs