Summary: | <dev-java/snakeyaml-1.33: multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | John Helmert III <ajak> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | IN_PROGRESS --- | ||
Severity: | minor | CC: | java |
Priority: | Normal | Keywords: | PullRequest |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://github.com/gentoo/gentoo/pull/26872 https://github.com/gentoo/gentoo/pull/27353 https://github.com/gentoo/gentoo/pull/27758 | ||
Whiteboard: | B3 [glsa] | ||
Package list: | | Runtime testing required: | --- |
Bug Depends on: | 875794 | ||
Bug Blocks: | | ||

Description
John Helmert III
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=27e3c02d10c1eae2bf8489ed83252520868d3c9d

commit 27e3c02d10c1eae2bf8489ed83252520868d3c9d
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-09-05 18:08:26 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-09-06 08:20:19 +0000

dev-java/snakeyaml: add 1.31

Bug: https://bugs.gentoo.org/868621
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Closes: https://github.com/gentoo/gentoo/pull/26872
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/snakeyaml/Manifest | 1 +
dev-java/snakeyaml/snakeyaml-1.31.ebuild | 86 ++++++++++++++++++++++++++++++++
2 files changed, 87 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ebf583e5509c4abe3b6af74710eddf02c54376d8

commit ebf583e5509c4abe3b6af74710eddf02c54376d8
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-09-19 08:36:30 +0000
Commit: Florian Schmaus <flow@gentoo.org>
CommitDate: 2022-10-03 07:53:40 +0000

dev-java/snakeyaml: add 1.33 CVE-2022-3875{1,2}

Bug: https://bugs.gentoo.org/868621
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Florian Schmaus <flow@gentoo.org>

dev-java/snakeyaml/Manifest | 1 +
dev-java/snakeyaml/snakeyaml-1.33.ebuild | 74 ++++++++++++++++++++++++++++++++
2 files changed, 75 insertions(+)

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=010dc6c07ddc9a929644b88c8247d78ffea52452

commit 010dc6c07ddc9a929644b88c8247d78ffea52452
Author: Volkmar W. Pogatzki <gentoo@pogatzki.net>
AuthorDate: 2022-10-12 19:43:51 +0000
Commit: Arthur Zamarin <arthurzam@gentoo.org>
CommitDate: 2022-10-12 20:02:05 +0000

dev-java/snakeyaml: drop 1.30-r1

Bug: https://bugs.gentoo.org/868621
Signed-off-by: Volkmar W. Pogatzki <gentoo@pogatzki.net>
Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>

dev-java/snakeyaml/Manifest | 1 -
.../files/snakeyaml-1.30-fix-test-check.patch | 18 -----
dev-java/snakeyaml/snakeyaml-1.30-r1.ebuild | 91 ----------------------
3 files changed, 110 deletions(-)

(In reply to John Helmert III from comment #0)
> CVE-2022-38749 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47024):
> https://bitbucket.org/snakeyaml/snakeyaml/issues/525/got-stackoverflowerror-for-many-open
>
> Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of
> Service attacks (DOS). If the parser is running on user supplied input, an
> attacker may supply content that causes the parser to crash by stackoverflow.
>
> CVE-2022-38750 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47027):
> https://bitbucket.org/snakeyaml/snakeyaml/issues/526/stackoverflow-oss-fuzz-47027
>
> Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of
> Service attacks (DOS). If the parser is running on user supplied input, an
> attacker may supply content that causes the parser to crash by stackoverflow.
>
> CVE-2022-38751 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47039):
> https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
>
> Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of
> Service attacks (DOS). If the parser is running on user supplied input, an
> attacker may supply content that causes the parser to crash by stackoverflow.
>
> CVE-2022-38752 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47081):
> https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081
>
> Using snakeYAML to parse untrusted YAML files may be vulnerable to Denial of
> Service attacks (DOS). If the parser is running on user supplied input, an
> attacker may supply content that causes the parser to crash by
> stack-overflow.
>
> First two are fixed in 1.31, second two are unfixed.

According to:
https://bitbucket.org/snakeyaml/snakeyaml/issues/530/stackoverflow-oss-fuzz-47039
https://bitbucket.org/snakeyaml/snakeyaml/issues/531/stackoverflow-oss-fuzz-47081

Fixes should be in 1.33

GLSA request filed