A format string vulnerability has been found in dev-perl/YAML-LibYAML.

There is a collection of references from the oss-security post at http://www.openwall.com/lists/oss-security/2012/03/10/4:

> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=661548
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=801738
>
> CPAN tickets:
> [3] https://rt.cpan.org/Public/Bug/Display.html?id=75365
> [4] https://rt.cpan.org/Public/Bug/Display.html?id=46507
>
> Proposed patch:
> [5] https://rt.cpan.org/Ticket/Attachment/920541/477607/YAML-LibYAML-0.35-format-error.patch
Patch applied in YAML-LibYAML-0.380.0-r1. Thanks
Thank you, Torsten. Closing noglsa for ~arch only package.
CVE-2012-1152 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1152): Multiple format string vulnerabilities in the error reporting functionality in the YAML::LibYAML (aka YAML-LibYAML and perl-YAML-LibYAML) module 0.38 for Perl allow remote attackers to cause a denial of service (process crash) via format string specifiers in a (1) YAML stream to the Load function, (2) YAML node to the load_node function, (3) YAML mapping to the load_mapping function, or (4) YAML sequence to the load_sequence function.
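
The bug class named in the CVE text above, shown as an added C example that is not code from YAML::LibYAML or its patch: a printf-style error reporter given parser-derived text as its format, next to the constant-format form. The names `report`, `error_unsafe`, `error_safe` and `renders_identically` are hypothetical, and the sample message is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error reporter: the first
 * argument is a format string, the remaining ones are its operands. */
static void report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* Vulnerable pattern: parser-derived text is passed as the format itself,
 * so any '%' directive in the input is interpreted by the formatter. */
void error_unsafe(char *out, size_t n, const char *parser_msg)
{
    report(out, n, parser_msg);
}

/* Hardened pattern: constant format, untrusted text only as a %s operand. */
void error_safe(char *out, size_t n, const char *parser_msg)
{
    report(out, n, "%s", parser_msg);
}

/* Returns 1 if both patterns render the message identically, 0 if the
 * unsafe path interpreted something inside it. */
int renders_identically(const char *parser_msg)
{
    char a[256], b[256];
    error_unsafe(a, sizeof a, parser_msg);
    error_safe(b, sizeof b, parser_msg);
    return strcmp(a, b) == 0;
}

int main(void)
{
    /* Constructed sample; "%%" takes no operand, so nothing undefined runs. */
    const char *marked = "did not find expected key: 100%% done";
    char buf[256];
    error_unsafe(buf, sizeof buf, marked);
    printf("unsafe: %s\n", buf);
    error_safe(buf, sizeof buf, marked);
    printf("safe:   %s\n", buf);
    printf("identical: %d\n", renders_identically(marked));
    return 0;
}
```

Building with `-Wformat -Wformat-security` flags this pattern at compile time when the reporter is declared with the compiler's printf format attribute.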