[ubuntu/hirsute-proposed] pyyaml 5.3.1-3ubuntu1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Mon Apr 12 14:11:02 UTC 2021 

pyyaml (5.3.1-3ubuntu1) hirsute; urgency=medium

  * SECURITY UPDATE: FullLoader arbitrary code execution
    - debian/patches/CVE-2020-14343.patch: move a few constructors from
      full_load to unsafe_load in lib/yaml/constructor.py,
      lib3/yaml/constructor.py, tests/lib/test_recursive.py,
      tests/lib3/test_recursive.py.
    - CVE-2020-14343

Date: Mon, 12 Apr 2021 09:24:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/pyyaml/5.3.1-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Mon, 12 Apr 2021 09:24:50 -0400
Source: pyyaml
Built-For-Profiles: noudeb
Architecture: source
Version: 5.3.1-3ubuntu1
Distribution: hirsute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 pyyaml (5.3.1-3ubuntu1) hirsute; urgency=medium
 .
   * SECURITY UPDATE: FullLoader arbitrary code execution
     - debian/patches/CVE-2020-14343.patch: move a few constructors from
       full_load to unsafe_load in lib/yaml/constructor.py,
       lib3/yaml/constructor.py, tests/lib/test_recursive.py,
       tests/lib3/test_recursive.py.
     - CVE-2020-14343
Checksums-Sha1:
 0cb01bdfee8ebe9a20584f56b69d6bb6818e1ecb 2254 pyyaml_5.3.1-3ubuntu1.dsc
 b605f7b72d30648d77228199f0d5996eafac66f6 7896 pyyaml_5.3.1-3ubuntu1.debian.tar.xz
 6062138964da3a89bae3052a1d3f3be37919fb7a 7657 pyyaml_5.3.1-3ubuntu1_source.buildinfo
Checksums-Sha256:
 7962e9b3f36c8a063d6f4948b5e26b808bb2879db9486f7e277966b9d54aa384 2254 pyyaml_5.3.1-3ubuntu1.dsc
 44018f71d462478ffc1e34989ad3f4ad34682ec707aa01445ef492e67379fcf8 7896 pyyaml_5.3.1-3ubuntu1.debian.tar.xz
 ec3cde86f8d4cb6dea132949bb42da35e46547914bf0ee01509a5ed62d897e80 7657 pyyaml_5.3.1-3ubuntu1_source.buildinfo
Files:
 930d946fec03722b7e8b5e0855b50341 2254 python optional pyyaml_5.3.1-3ubuntu1.dsc
 2ff11eb4edc4189e8d69200fd86c5831 7896 python optional pyyaml_5.3.1-3ubuntu1.debian.tar.xz
 4b9d3aa40e179e8a3ace954b4abd60e5 7657 python optional pyyaml_5.3.1-3ubuntu1_source.buildinfo
Original-Maintainer: Debian Python Team <team+python at tracker.debian.org>

More information about the Hirsute-changes mailing list