https://bugzilla.redhat.com/show_bug.cgi?id=1169369 Bug ID: 1169369 Summary: CVE-2014-9130 libyaml: assert failure when processing wrapped strings Product: Security Response Component: vulnerability Keywords: Security Severity: medium Priority: medium Assignee: security-response-team@xxxxxxxxxx Reporter: mprpic@xxxxxxxxxx CC: abaron@xxxxxxxxxx, aortega@xxxxxxxxxx, apatters@xxxxxxxxxx, apevec@xxxxxxxxxx, ayoung@xxxxxxxxxx, bhu@xxxxxxxxxx, bkearney@xxxxxxxxxx, bleanhar@xxxxxxxxxx, cbillett@xxxxxxxxxx, ccoleman@xxxxxxxxxx, chrisw@xxxxxxxxxx, cpelland@xxxxxxxxxx, cperry@xxxxxxxxxx, dajohnso@xxxxxxxxxx, dallan@xxxxxxxxxx, dclarizi@xxxxxxxxxx, dmcphers@xxxxxxxxxx, esammons@xxxxxxxxxx, gkotton@xxxxxxxxxx, gmccullo@xxxxxxxxxx, iboverma@xxxxxxxxxx, jdetiber@xxxxxxxxxx, jeckersb@xxxxxxxxxx, jhardy@xxxxxxxxxx, jialiu@xxxxxxxxxx, jkeck@xxxxxxxxxx, jmatthew@xxxxxxxxxx, joelsmith@xxxxxxxxxx, jokerman@xxxxxxxxxx, jorton@xxxxxxxxxx, jplesnik@xxxxxxxxxx, jprause@xxxxxxxxxx, jrafanie@xxxxxxxxxx, jross@xxxxxxxxxx, jvlcek@xxxxxxxxxx, katello-bugs@xxxxxxxxxx, kseifried@xxxxxxxxxx, lhh@xxxxxxxxxx, lmeyer@xxxxxxxxxx, lpeer@xxxxxxxxxx, markmc@xxxxxxxxxx, matt@xxxxxxxxxx, mburns@xxxxxxxxxx, mcressma@xxxxxxxxxx, mmaslano@xxxxxxxxxx, mmccomas@xxxxxxxxxx, mmccune@xxxxxxxxxx, mmcgrath@xxxxxxxxxx, mmraka@xxxxxxxxxx, mrg-program-list@xxxxxxxxxx, obarenbo@xxxxxxxxxx, paul@xxxxxxxxxxxx, perl-devel@xxxxxxxxxxxxxxxxxxxxxxx, pmyers@xxxxxxxxxx, rbryant@xxxxxxxxxx, rhos-maint@xxxxxxxxxx, sclewis@xxxxxxxxxx, taw@xxxxxxxxxx, tjay@xxxxxxxxxx, tomckay@xxxxxxxxxx, tremble@xxxxxxxxxxxxxx, tsanders@xxxxxxxxxx, williams@xxxxxxxxxx, xlecauch@xxxxxxxxxx, yeylon@xxxxxxxxxx An assertion failure was found in the way the libyaml library parsed wrapped strings. An attacker able to load specially crafted YAML input into an application using libyaml could cause the application to crash. This issue was reported upstream at [1]; a patch that fixes this issue is available at [2]. [1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure [2] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a -- You are receiving this mail because: You are on the CC list for the bug. Unsubscribe from this bug https://bugzilla.redhat.com/token.cgi?t=qABK91j78H&a=cc_unsubscribe -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl perl-devel mailing list perl-devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/perl-devel
