From ${URL} : The SingleDocParser::HandleNode function in yaml-cpp allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Upstream bug: https://github.com/jbeder/yaml-cpp/issues/459 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40eeb5defc05e61c4e03830e6f071e8c1d629f68 commit 40eeb5defc05e61c4e03830e6f071e8c1d629f68 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2018-02-27 10:41:23 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-03-29 18:38:21 +0000 dev-cpp/yaml-cpp: version bump to 0.6.2 Bug: https://bugs.gentoo.org/614850 Closes: https://bugs.gentoo.org/638326 Closes: https://github.com/gentoo/gentoo/pull/7294 Package-Manager: Portage-2.3.26, Repoman-2.3.7 Signed-off-by: Johannes Huber <johu@gentoo.org> dev-cpp/yaml-cpp/Manifest | 1 + .../files/yaml-cpp-0.6.2-CVE-2017-5950.patch | 45 ++++++++++++++ .../files/yaml-cpp-0.6.2-unbundle-gtest.patch | 70 ++++++++++++++++++++++ dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild | 41 +++++++++++++ 4 files changed, 157 insertions(+)}
Dear arches, please stabilize dev-cpp/yaml-cpp-0.6.2. Thanks in advance.
x86 stable
amd64 stable
ppc/ppc64 stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee604746b688a9631001dff1618b97dd4ad1aa46 commit ee604746b688a9631001dff1618b97dd4ad1aa46 Author: Johannes Huber <johu@gentoo.org> AuthorDate: 2018-06-02 15:52:51 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-06-02 15:52:51 +0000 dev-cpp/yaml-cpp: Remove 0.5.3-r1 Bug: https://bugs.gentoo.org/614850 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-cpp/yaml-cpp/Manifest | 1 - dev-cpp/yaml-cpp/files/yaml-cpp-0.5.3-gcc6.patch | 44 ------------------------ dev-cpp/yaml-cpp/yaml-cpp-0.5.3-r1.ebuild | 37 -------------------- 3 files changed, 82 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=420ece48c6a889140665bfe37e784b8526c52107 commit 420ece48c6a889140665bfe37e784b8526c52107 Author: Johannes Huber <johu@gentoo.org> AuthorDate: 2018-06-02 15:51:36 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-06-02 15:51:36 +0000 dev-cpp/yaml-cpp: Remove 0.5.3 (r0) Bug: https://bugs.gentoo.org/614850 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-cpp/yaml-cpp/yaml-cpp-0.5.3.ebuild | 37 ---------------------------------- 1 file changed, 37 deletions(-)
Cleanup done.
Thanks, Johannes!
