949498 – <dev-perl/YAML-LibYAML-0.903.0: Unsafe open use

Bug 949498 - <dev-perl/YAML-LibYAML-0.903.0: Unsafe open use

Summary: <dev-perl/YAML-LibYAML-0.903.0: Unsafe open use

Status:	IN_PROGRESS

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B4 [stable]
Keywords:

Depends on:	951591
Blocks:
	Show dependency tree

Reported:	2025-02-09 06:47 UTC by Sam James
Modified:	2025-03-21 02:56 UTC (History)
CC List:	1 user (show)

See Also:	https://github.com/ingydotnet/yaml-libyaml-pm/issues/120
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Sam James archtester

2025-02-09 06:47:57 UTC

```
v0.903.0 2025-02-03 00:12:41+01:00
 - Security fix: Use 3-arg form of open in LoadFile (issue#120 PR#121)
```

Comment 1 Larry the Git Cow gentoo-dev

2025-02-09 06:55:58 UTC

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=31e947be454805d2579b3880d9d6ac3b4894e940

commit 31e947be454805d2579b3880d9d6ac3b4894e940
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2025-02-09 06:48:22 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2025-02-09 06:55:36 +0000

    dev-perl/YAML-LibYAML: add 0.903.0
    
    Bug: https://bugs.gentoo.org/949498
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-perl/YAML-LibYAML/Manifest                    |  1 +
 dev-perl/YAML-LibYAML/YAML-LibYAML-0.903.0.ebuild | 14 ++++++++++++++
 2 files changed, 15 insertions(+)