| Summary: | <dev-cpp/yaml-cpp-0.6.2: infinite loop (CVE-2017-5950) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | minor | CC: | johu |
| Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1439662 | ||
| See Also: | https://github.com/gentoo/gentoo/pull/7294 | ||
| Whiteboard: | B3 [noglsa cve] | ||
| Package list: |
dev-cpp/yaml-cpp-0.6.2
|
Runtime testing required: | --- |
| Bug Depends on: | 651970, 656196 | ||
| Bug Blocks: | |||
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40eeb5defc05e61c4e03830e6f071e8c1d629f68 commit 40eeb5defc05e61c4e03830e6f071e8c1d629f68 Author: Azamat H. Hackimov <azamat.hackimov@gmail.com> AuthorDate: 2018-02-27 10:41:23 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-03-29 18:38:21 +0000 dev-cpp/yaml-cpp: version bump to 0.6.2 Bug: https://bugs.gentoo.org/614850 Closes: https://bugs.gentoo.org/638326 Closes: https://github.com/gentoo/gentoo/pull/7294 Package-Manager: Portage-2.3.26, Repoman-2.3.7 Signed-off-by: Johannes Huber <johu@gentoo.org> dev-cpp/yaml-cpp/Manifest | 1 + .../files/yaml-cpp-0.6.2-CVE-2017-5950.patch | 45 ++++++++++++++ .../files/yaml-cpp-0.6.2-unbundle-gtest.patch | 70 ++++++++++++++++++++++ dev-cpp/yaml-cpp/yaml-cpp-0.6.2.ebuild | 41 +++++++++++++ 4 files changed, 157 insertions(+)} Dear arches, please stabilize dev-cpp/yaml-cpp-0.6.2. Thanks in advance. x86 stable amd64 stable ppc/ppc64 stable The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ee604746b688a9631001dff1618b97dd4ad1aa46 commit ee604746b688a9631001dff1618b97dd4ad1aa46 Author: Johannes Huber <johu@gentoo.org> AuthorDate: 2018-06-02 15:52:51 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-06-02 15:52:51 +0000 dev-cpp/yaml-cpp: Remove 0.5.3-r1 Bug: https://bugs.gentoo.org/614850 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-cpp/yaml-cpp/Manifest | 1 - dev-cpp/yaml-cpp/files/yaml-cpp-0.5.3-gcc6.patch | 44 ------------------------ dev-cpp/yaml-cpp/yaml-cpp-0.5.3-r1.ebuild | 37 -------------------- 3 files changed, 82 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=420ece48c6a889140665bfe37e784b8526c52107 commit 420ece48c6a889140665bfe37e784b8526c52107 Author: Johannes Huber <johu@gentoo.org> AuthorDate: 2018-06-02 15:51:36 +0000 Commit: Johannes Huber <johu@gentoo.org> CommitDate: 2018-06-02 15:51:36 +0000 dev-cpp/yaml-cpp: Remove 0.5.3 (r0) Bug: https://bugs.gentoo.org/614850 Package-Manager: Portage-2.3.40, Repoman-2.3.9 dev-cpp/yaml-cpp/yaml-cpp-0.5.3.ebuild | 37 ---------------------------------- 1 file changed, 37 deletions(-) Cleanup done. Thanks, Johannes! |
From ${URL} : The SingleDocParser::HandleNode function in yaml-cpp allows remote attackers to cause a denial of service (stack consumption and application crash) via a crafted YAML file. Upstream bug: https://github.com/jbeder/yaml-cpp/issues/459 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.