Summary: | <dev-libs/libyaml-0.1.7: assert failure when processing wrapped strings (CVE-2014-9130) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | radhermit |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1169369 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
=dev-libs/libyaml-0.1.7
|
Runtime testing required: | --- |
Description
Agostino Sarubbo
![]() CVE-2014-9130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9130): scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping. This was fixed via https://github.com/yaml/libyaml/commit/946596172d140497b560e016e581accb0a92cca4 which was first released with v0.1.7. @ Arches, please test and mark stable: =dev-libs/libyaml-0.1.7 Stable on alpha. amd64 stable x86 stable arm stable Stable for HPPA. sparc stable ppc stable ia64 stable ppc64 stable. Maintainer(s), please cleanup. Security, please vote. tree is clean GLSA Vote: No |