Hi Tony,

On Tue, Sep 27, 2022 at 08:06:58AM -0700, tony mancill wrote:
> On Mon, Sep 05, 2022 at 09:48:33PM +0200, Salvatore Bonaccorso wrote:
> > Source: snakeyaml
> > Version: 1.29-1
> > Severity: important
> > Tags: security upstream
> > Forwarded: https://bitbucket.org/snakeyaml/snakeyaml/issues/525
> > X-Debbugs-Cc: [email protected], Debian Security Team
> > <[email protected]>
> >
> > Hi,
> >
> > The following vulnerability was published for snakeyaml.
> >
> > CVE-2022-25857[0]:
> > | The package org.yaml:snakeyaml from 0 and before 1.31 are vulnerable
> > | to Denial of Service (DoS) due missing to nested depth limitation for
> > | collections.
>
> snakeyaml 1.31 has been uploaded to unstable. I will start work on
> 1.33, which addresses other non-DSA CVEs [1].

Thank you!

Regards,
Salvatore

__
This is the maintainer address of Debian's Java team
<https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-maintainers>.
Please use [email protected] for discussions and questions.
