advisories/14917.adv

type: security
subject: Updated python-yaml packages fix security vulnerability
CVE:
 - CVE-2014-9130
src:
  4:
   core:
     - python-yaml-3.10-5.1.mga4
description: |
  Updated python-yaml packages fix security vulnerability:

  Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way
  wrapped strings are parsed in Python-YAML, a YAML parser and emitter for
  Python. An attacker able to load specially crafted YAML input into an
  application using python-yaml could cause the application to crash.

  This issue is similar to CVE-2014-9130, but the assertion was independently
  implemented in Python-YAML.
references:
 - https://bugs.mageia.org/show_bug.cgi?id=14917
 - http://advisories.mageia.org/MGASA-2014-0508.html
 - https://www.debian.org/security/2014/dsa-3115
ID: MGASA-2015-0004
1	type: security
2	subject: Updated python-yaml packages fix security vulnerability
3	CVE:
4	- CVE-2014-9130
5	src:
6	4:
7	core:
8	- python-yaml-3.10-5.1.mga4
9	description: \|
10	Updated python-yaml packages fix security vulnerability:
11
12	Jonathan Gray and Stanislaw Pitucha found an assertion failure in the way
13	wrapped strings are parsed in Python-YAML, a YAML parser and emitter for
14	Python. An attacker able to load specially crafted YAML input into an
15	application using python-yaml could cause the application to crash.
16
17	This issue is similar to CVE-2014-9130, but the assertion was independently
18	implemented in Python-YAML.
19	references:
20	- https://bugs.mageia.org/show_bug.cgi?id=14917
21	- http://advisories.mageia.org/MGASA-2014-0508.html
22	- https://www.debian.org/security/2014/dsa-3115
23	ID: MGASA-2015-0004