[Secure-testing-commits] r30703 - data/CVE

Scott Kitterman Fri, 12 Dec 2014 05:51:07 -0800

Author: kitterman
Date: 2014-12-12 13:50:47 +0000 (Fri, 12 Dec 2014)
New Revision: 30703


Modified:
   data/CVE/list
Log:
Add fixed version and upstream commit reference for pyyaml CVE-2014-9130

Modified: data/CVE/list
===================================================================
--- data/CVE/list       2014-12-12 13:31:58 UTC (rev 30702)
+++ data/CVE/list       2014-12-12 13:50:47 UTC (rev 30703)
@@ -887,10 +887,11 @@
 CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the 
YAML-LibYAML (aka ...)
        - libyaml 0.1.6-3 (bug #771366)
        - libyaml-libyaml-perl 0.41-6 (bug #771365)
-       - pyyaml <unfixed> (bug #772815)
+       - pyyaml 3.11-2 (bug #772815)
        NOTE: 
https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure
        NOTE: 
https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2
        NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or 
separate CVE
+       NOTE: for pyyaml: 
https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/
 CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as 
the key ...)
        - mantis <removed>
        [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts)


_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits

[Secure-testing-commits] r30703 - data/CVE

Reply via email to