Source: snakeyaml
Version: 1.25+ds-2
Severity: important
Tags: security upstream
Forwarded: https://bitbucket.org/asomov/snakeyaml/issues/377
Control: found -1 1.23-1
Control: found -1 1.17-1

Hi,

The following vulnerability was published for snakeyaml.

CVE-2017-18640[0]:
| The Alias feature in SnakeYAML 1.18 allows entity expansion during a
| load operation, a related issue to CVE-2003-1564.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-18640
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18640
[1] https://bitbucket.org/asomov/snakeyaml/issues/377
[2] https://bitbucket.org/asomov/snakeyaml/commits/b680ce64971d943083012c04690c0ffa9fea6da4

Regards,
Salvatore