Source: libyaml Version: 0.1.4-2 Severity: important Tags: security upstream patch
Hi, An assert is triggered by wrapped strings, see [1,2,3]. Proposed commit in [4] comments out the assertion and let the parser fail. CVE-2014-9130 was assigned for this reachable assertion in scanner.c. [1] https://bitbucket.org/xi/libyaml/issue/10/wrapped-strings-cause-assert-failure [2] http://www.openwall.com/lists/oss-security/2014/11/28/1 [3] https://security-tracker.debian.org/CVE-2014-9130 [4] https://github.com/yaml/libyaml/commit/e6aa721cc0e5a48f408c52355559fd36780ba32a Regards, Salvatore -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
