[Bug 1279805] [NEW] regression in CVE-2013-6393 patch

Marc Deslauriers marc.deslauriers at canonical.com
Thu Feb 13 13:34:59 UTC 2014


*** This bug is a security vulnerability ***

Public security bug reported:

A regression has been reported in the patch used to fix CVE-2013-6393 in
USN-2098-1:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738587
https://bugzilla.redhat.com/show_bug.cgi?id=1033990

Upstream has used slightly different fixes in 0.1.5.

** Affects: libyaml (Ubuntu)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libyaml (Ubuntu Precise)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libyaml (Ubuntu Quantal)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libyaml (Ubuntu Saucy)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libyaml (Ubuntu Trusty)
     Importance: Undecided
     Assignee: Marc Deslauriers (mdeslaur)
         Status: New

** Affects: libyaml (Debian)
     Importance: Unknown
         Status: Unknown

** Also affects: libyaml (Ubuntu Precise)
   Importance: Undecided
       Status: New

** Also affects: libyaml (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Also affects: libyaml (Ubuntu Saucy)
   Importance: Undecided
       Status: New

** Also affects: libyaml (Ubuntu Quantal)
   Importance: Undecided
       Status: New

** Changed in: libyaml (Ubuntu Precise)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libyaml (Ubuntu Saucy)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libyaml (Ubuntu Quantal)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: libyaml (Ubuntu Trusty)
     Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Bug watch added: Debian Bug tracker #738587
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738587

** Also affects: libyaml (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738587
   Importance: Unknown
       Status: Unknown

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libyaml in Ubuntu.
https://bugs.launchpad.net/bugs/1279805
