From https://bugzilla.redhat.com/1806005 : PyYAML 5.1 through 5.1.2 has insufficient restrictions on the load and load_all functions because of a class deserialization issue, e.g., Popen is a class in the subprocess module. NOTE: this issue exists because of an incomplete fix for CVE-2017-18342. References: https://github.com/yaml/pyyaml/blob/master/CHANGES @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
Does it matter if we're banning those insecure functions entirely?
Either way, 5.3 seems to be ready to go stable, so let's stabilize it.
x86 stable
amd64 stable
s390 stable
ppc stable
ppc64 stable
arm stable
sparc stable
ia64 stable
hppa stable
arm64 stable
SuperH port disbanded.
m68k dropped stable keywords
@maintainer(s), please clean up
GLSA Vote: No Thank you all for your work. Closing as [noglsa].