| Summary: | <dev-python/pyyaml-5.4: Deserialization vulnerability (CVE-2020-14343) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Sam James <sam> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | mgorny, python |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| See Also: | https://bugs.gentoo.org/show_bug.cgi?id=714182 | | |
| Whiteboard: | B2 [glsa+] | | |
| Package list: | | Runtime testing required: | --- |
Description
Sam James
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e095455ebcf69605fe4f34332176da8198e7e333

```
commit e095455ebcf69605fe4f34332176da8198e7e333
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-20 01:35:12 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-20 01:35:12 +0000

    dev-python/pyyaml: security bump to 5.4

    Bug: https://bugs.gentoo.org/766228
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-python/pyyaml/Manifest          |  1 +
 dev-python/pyyaml/pyyaml-5.4.ebuild | 49 +++++++++++++++++++++++++++++++++++++
 2 files changed, 50 insertions(+)
```

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa1134a0a3e13f71d47fe7d3b84590e96eb1be16

```
commit fa1134a0a3e13f71d47fe7d3b84590e96eb1be16
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2021-01-20 23:01:57 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2021-01-20 23:02:03 +0000

    dev-python/pyyaml: bump to 5.4.1

    Bug: https://bugs.gentoo.org/766228
    Package-Manager: Portage-3.0.13, Repoman-3.0.2
    Signed-off-by: Sam James <sam@gentoo.org>

 dev-python/pyyaml/Manifest                                   | 2 +-
 dev-python/pyyaml/{pyyaml-5.4.ebuild => pyyaml-5.4.1.ebuild} | 0
 2 files changed, 1 insertion(+), 1 deletion(-)
```

amd64 stable

sparc done

s390 done

x86 stable

ppc64 done

ppc done

arm done

arm64 done

hppa already stable

Please cleanup

Ping

Package list is empty or all packages have requested keywords.

Can we close this now?
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=e549b151411e283e5129e0b82b21b1fc7c93bcd7

```
commit e549b151411e283e5129e0b82b21b1fc7c93bcd7
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-02-26 15:44:41 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-02-26 15:45:06 +0000

    [ GLSA 202402-33 ] PyYAML: Arbitrary Code Execution

    Bug: https://bugs.gentoo.org/766228
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202402-33.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)
```