[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 110-1] libyaml security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libyaml
Version        : 0.1.3-1+deb6u5
CVE ID         : CVE-2014-9130
Debian Bug     : 771366

Jonathan Gray and Stanislaw Pitucha found an assertion failure in the
way wrapped strings are parsed in LibYAML, a fast YAML 1.1 parser and
emitter library. An attacker able to load specially crafted YAML input
into an application using libyaml could cause the application to crash.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJUjZYBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHujwP/josIVtzX0PFm0tNIlpUggQZ
N0JATlJT1iCu4TW9v0UZg9LVSDqdO9slxXe+wJMccQiQOKTskb4R6Bv7uMWnxaZz
hZ660P55j3JkgaO9rX51c+zORcmRZ3YHFmp8xPFh/02AnWPfUPF9XFm1qFP1Mi8P
+XopY3ltVKhoWtJE43ad1jWB3Q7gG88GxSEqiWsZvfo/NylJyvR4t5inkZBh8kk6
ba7g+PEC8eUBtZilcMUnws2g247cEOkNSAWQVMDSvxNzYnYLTgFNEXrnhyw1KZI7
QOESYj2kA3w9Me83r2lQ/WUVXLPkzkYOcWZPKEAfLKh8M8ZFURBoAyN/q3grvNqI
3ob4tr3noogOF4gn8vU63Aobm33L0Wf3Yeerh2vW1VzBWZSAAP6h+tfY8ApYNFiw
Q/Xu3Yh06MhrNFLYoFkxJTb5/TeoNNnfkAtD0A2UVU0bhBayqus8qSCzbS15qEMs
hbML9SBi4ZTMQmmVtLJ+BjMBIkiPYnbY5rd5/JshUd2PBXngv0hT4DQgVXfS4JN0
bi8bc5uk8XHuRPq4cEVgJqn0vU6hHdHsm7c1kj7rsxJPglLK9tcPHbj6ggK92f6/
D5jbjFBWX65BXo7ydRV/i5QfwY4kMVddVWEfm+uHJxIW7cRM7NVE6nB0HRTXjRVI
lsACIN2cLFDSBiqgcV0w
=tezj
-----END PGP SIGNATURE-----


Reply to: