Author: kitterman Date: 2014-12-12 13:50:47 +0000 (Fri, 12 Dec 2014) New Revision: 30703
Modified: data/CVE/list Log: Add fixed version and upstream commit reference for pyyaml CVE-2014-9130 Modified: data/CVE/list =================================================================== --- data/CVE/list 2014-12-12 13:31:58 UTC (rev 30702) +++ data/CVE/list 2014-12-12 13:50:47 UTC (rev 30703) @@ -887,10 +887,11 @@ CVE-2014-9130 (scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka ...) - libyaml 0.1.6-3 (bug #771366) - libyaml-libyaml-perl 0.41-6 (bug #771365) - - pyyaml <unfixed> (bug #772815) + - pyyaml 3.11-2 (bug #772815) NOTE: https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure NOTE: https://bitbucket.org/xi/libyaml/commits/2b9156756423e967cfd09a61d125d883fca6f4f2 NOTE: for pyyaml: might be need to be removed here (no-CVE assigned) or separate CVE + NOTE: for pyyaml: https://bitbucket.org/xi/pyyaml/commits/ddf211a41bb231c365fece5599b7e484e6dc33fc/raw/ CVE-2014-9117 (MantisBT before 1.2.18 uses the public_key parameter value as the key ...) - mantis <removed> [squeeze] - mantis <end-of-life> (Unsupported in squeeze-lts) _______________________________________________ Secure-testing-commits mailing list Secure-testing-commits@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits