[ubuntu/focal-updates] golang-yaml.v2 2.2.2-1ubuntu0.1 (Accepted)

[Ubuntu Archive Robot]

golang-yaml.v2 (2.2.2-1ubuntu0.1) focal-security; urgency=medium

  * SECURITY UPDATE: DOS through excessive alias.
    - debian/patches/CVE-2021-4235.patch: Add logic to catch cases of
      alias abuse in decode.go.
    - CVE-2021-4235
  * SECURITY_UPDATE: DOS through nested or expansion in large documents.
    - debian/patches/CVE-2022-3064.patch: Improve heuristics preventing
      CPU/memory abuse in decode.go and scannerc.go.
    - CVE-2022-3064

Date: 2023-08-11 09:45:09.168815+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/golang-yaml.v2/2.2.2-1ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.