[ubuntu/focal-security] snakeyaml 1.25+ds-2ubuntu0.1 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Thu Mar 9 21:38:57 UTC 2023
snakeyaml (1.25+ds-2ubuntu0.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-25857.patch: Restrict nested depth for
collections to avoid DoS attacks.
- CVE-2022-25857
- CVE-2022-38749
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
- CVE-2022-38750
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
attacks.
- CVE-2022-38751
Date: 2023-03-09 19:35:08.490789+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/snakeyaml/1.25+ds-2ubuntu0.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Focal-changes
mailing list