[ubuntu/kinetic-security] snakeyaml 1.29-1ubuntu0.22.10.1 (Accepted)
Fabian Toepfer
fabian.toepfer at canonical.com
Thu Mar 9 21:38:55 UTC 2023
snakeyaml (1.29-1ubuntu0.22.10.1) kinetic-security; urgency=medium
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-25857.patch: Restrict nested depth for
collections to avoid DoS attacks.
- CVE-2022-25857
- CVE-2022-38749
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38750.patch: Adds test for upstream issue 526.
- CVE-2022-38750
* SECURITY UPDATE: Denial of service due to stack overflow
- debian/patches/CVE-2022-38751.patch: Add resolver limits to avoid DoS
attacks.
- CVE-2022-38751
Date: 2023-03-09 19:33:09.098898+00:00
Changed-By: Fabian Toepfer <fabian.toepfer at canonical.com>
https://launchpad.net/ubuntu/+source/snakeyaml/1.29-1ubuntu0.22.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the kinetic-changes
mailing list