-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3115-1 security@xxxxxxxxxx http://www.debian.org/security/ Moritz Muehlenhoff December 29, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pyyaml CVE ID : CVE-2014-9130 Debian Bug : 772815 Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way wrapped strings are parsed in Python-YAML, a YAML parser and emitter for Python. An attacker able to load specially crafted YAML input into an application using python-yaml could cause the application to crash. For the stable distribution (wheezy), this problem has been fixed in version 3.10-4+deb7u1. For the upcoming stable distribution (jessie), this problem has been fixed in version 3.11-2. For the unstable distribution (sid), this problem has been fixed in version 3.11-2. We recommend that you upgrade your pyyaml packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBAgAGBQJUochoAAoJEBDCk7bDfE42uksP/iffDvE9L3Wm1DcVVgtWmzgK Piq6PdO3ztbcSW6av53E5MgVDixQgmyqPluWQOU0GGdcbWtpNBbWw7loyLjeu692 d0pVvxtmDQXWaXMcYTMxPnL6mub6HtIUSxeaymiOSeY7kAaV4HOntPQrivMrPM0n hlmtQsu6whSXP3BqaXffL9mGeIVfmknGnMOdkJq41nrSJIkjN/BN+jBca8BHhizA J0ntxYu0CZyLUTKyKWhTTmgxRPWTyyr/+s3a7Xrjn6+Wkj8SF7XP+2NLLLDshY/R tBSfuRmk+tx/249PTXhLEvQvS7mR+FouMfYHsAJjPtIqmxXk6BkRxI3W4I5felP+ ntAGX22o51SAIrm4fQDKlJW5wDowRu1iP7K8uQx2xWhGLo7w3QIreYU1J/ny6Xpe Ms57exgDHnYrmJs68bdAKRHTyZScr+4s/DapW/awBBLap3uhU3qjMfnyj4XDhC+u 5gkIcok8uBxvkS4Sh1zkykNJL8efEY0CeyzNiAMwkSG3qfC9EgSQFh7M8bNg6Iie 8gnGy4WpqecY2lpE5ZmAThlsFmoWhIhM6AVRqKqcSYI/2P4qs/mhxTeTqphh7+xe Fz3r2CNAQtF0T2wU66+BVFg+6IYUkyjHg/GdtGAfvR7UVdNN8fwlao8U+bTaEfD+ EQoTq8Ql4+hnEJR+Sk1r =Usft -----END PGP SIGNATURE-----
