| Summary: | <dev-libs/libyaml-0.1.6: input sanitization errors (oCERT-2014-003) (CVE-2014-2525) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | radhermit |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2014/03/26/12 | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |

Description
Agostino Sarubbo
2014-03-27 09:36:55 UTC
Arches, please stabilize libyaml-0.1.6.

Stable for HPPA.

amd64 stable

x86 stable

arm stable

CVE-2014-2525 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-2525): Heap-based buffer overflow in the yaml_parser_scan_uri_escapes function in LibYAML before 0.1.6 allows context-dependent attackers to execute arbitrary code via a long sequence of percent-encoded characters in a URI in a YAML file.

ppc stable

alpha stable

ppc64 stable

ia64 stable

sparc stable.

Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

Arches and Maintainer(s), Thank you for your work.
Added to new GLSA Request

This issue was resolved and addressed in GLSA 201405-27 at http://security.gentoo.org/glsa/glsa-201405-27.xml by GLSA coordinator Sergey Popov (pinkbyte).