From ${URL} : An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This issue was reported upstream at [1]; a patch that fixes this issue is available at [2]. [1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure [2] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
CVE-2014-9130 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-9130): scanner.c in LibYAML 0.1.5 and 0.1.6, as used in the YAML-LibYAML (aka YAML-XS) module for Perl, allows context-dependent attackers to cause a denial of service (assertion failure and crash) via vectors involving line-wrapping.
This was fixed via https://github.com/yaml/libyaml/commit/946596172d140497b560e016e581accb0a92cca4 which was first released with v0.1.7. @ Arches, please test and mark stable: =dev-libs/libyaml-0.1.7
Stable on alpha.
amd64 stable
x86 stable
arm stable
Stable for HPPA.
sparc stable
ppc stable
ia64 stable
ppc64 stable. Maintainer(s), please cleanup. Security, please vote.
tree is clean GLSA Vote: No