[Bug 1279805] Re: regression in CVE-2013-6393 patch
Launchpad Bug Tracker
1279805 at bugs.launchpad.net
Thu Feb 13 16:43:38 UTC 2014
This bug was fixed in the package libyaml - 0.1.4-3ubuntu2
---------------
libyaml (0.1.4-3ubuntu2) trusty; urgency=medium

  * SECURITY REGRESSION: parsing regression in security update
    (LP: #1279805)
    - debian/patches/CVE-2013-6393.patch: use upstream commits from 0.1.5.
    - debian/patches/libyaml-string-overflow.patch: removed
    - debian/patches/libyaml-node-id-hardening.patch: removed
    - debian/patches/libyaml-indent-column-overflow-v2.patch: removed

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 13 Feb 2014 09:02:35 -0500

** Changed in: libyaml (Ubuntu Trusty)
       Status: New => Fix Released

--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to libyaml in Ubuntu.
https://bugs.launchpad.net/bugs/1279805

Title:
  regression in CVE-2013-6393 patch

Status in “libyaml” package in Ubuntu:
  Fix Released
Status in “libyaml” source package in Precise:
  Fix Released
Status in “libyaml” source package in Quantal:
  Fix Released
Status in “libyaml” source package in Saucy:
  Fix Released
Status in “libyaml” source package in Trusty:
  Fix Released
Status in “libyaml” package in Debian:
  Fix Committed

Bug description:
  A regression has been reported in the patch used to fix CVE-2013-6393
  in USN-2098-1:

  https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738587
  https://bugzilla.redhat.com/show_bug.cgi?id=1033990

  Upstream has used slightly different fixes in 0.1.5.