clone 861958 -1
reassign -1 libyaml-syck-perl
retitle -1 libyaml-syck-perl: Unconditionally instantiates objects from yaml
data
thanks
This problem exists in libyaml-syck-perl as well. However, disabling
this feature will be easier since there's already a switch ("LoadBlessed").
Christoph
#!
Processing commands for cont...@bugs.debian.org:
> clone 861958 -1
Bug #861958 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug 861958 cloned as bug 862475
> reassign -1 libyaml-syck-perl
Bug #862475 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug reassigned from pac
clone 861958 -1
reassign -1 libyaml-libyaml-perl
retitle -1 libyaml-libyaml-perl: Unconditionally instantiates objects from yaml
data
thanks
Dominique Dumont wrote...
> On samedi 6 mai 2017 13:01:50 CEST you wrote:
> > This module is happy to deserialize objects of any existing Perl class. For
Processing commands for cont...@bugs.debian.org:
> clone 861958 -1
Bug #861958 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug 861958 cloned as bug 862373
> reassign -1 libyaml-libyaml-perl
Bug #862373 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug reassigned from
Dominique Dumont:
> Ive logged a bug to upstream YAML parser library:
>
> https://github.com/ingydotnet/yaml-pm/issues/176
>
> HTH
>
Thanks. :)
~Niels
Ive logged a bug to upstream YAML parser library:
https://github.com/ingydotnet/yaml-pm/issues/176
HTH
On samedi 6 mai 2017 13:01:50 CEST you wrote:
> Lintian uses the YAML::XS module to validate YAML in
> debian/upstream/metadata.
Unless debian/upstream/metadata needs fancy YAML format (e.g. anchor alias
tags ...), the easiest way out it to use YAML::Tiny instead of YAML::XS. This
should be a dr
7 matches
Mail list logo
