Niels Thykier wrote...
> > Deserialization vulnerability in lintian through 2.5.50.3
> > allows attackers to trigger code execution by requesting a review of
> > a source package with a crafted YAML file.

In my opinion lintian is just the victim of an issue in the YAML::XS module (libyaml-libyaml-perl) where serialized objects are re-instantiated unconditionally. To resolve that problem, I've started a discussion on the debian-perl@ list.

Christoph