Summary: | <dev-python/pyyaml-5.3.1: (further) insufficient restrictions on full_load function (CVE-2020-1747) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sam James <sam> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | mgorny, python |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/yaml/pyyaml/pull/386 | ||
See Also: | https://bugs.gentoo.org/show_bug.cgi?id=710658 https://bugs.gentoo.org/show_bug.cgi?id=766228 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | dev-python/pyyaml-5.3.1 | ||
Runtime testing required: | --- |
Description
Sam James
2020-03-24 15:00:40 UTC
@maintainer(s), please advise if 5.3.1 is ready for stabilisation, or call yourself.

It's a minor release, so I suppose we can stabilize it earlier.

(In reply to Michał Górny from comment #2)
> It's a minor release, so I suppose we can stabilize it earlier.

Thanks for the quick response.

SuperH port disbanded.

arm stable

ppc stable

ppc64 stable

s390 stable

sparc stable

x86 stable

amd64 stable

arm64 stable

commit b4d062b92cd0ac405468a7ed8d553dd206c5b4a7
Author: Rolf Eike Beer <eike@sf-mail.de>
Date: Fri Mar 27 08:38:42 2020 +0100

    dev-python/pyyaml: stable 5.3.1 for hppa, bug #714182

ia64 stable

m68k dropped stable keywords

@maintainer(s), please cleanup

GLSA Vote: No

Please drop vulnerable versions

Bug 714866 is not blocking cleanup (anymore, fixed since bug 708682). Also, this vulnerability affects pyyaml-5.1+ only. From this bug it's not required to cleanup =3.13.