Markus Koschany pushed to branch bullseye at Debian Java Maintainers / snakeyaml
Commits: fbec2170 by Markus Koschany at 2023-02-24T22:21:51+01:00 Install README.Debian.security and explain that snakeyaml is not designed to process YAML input from untrusted sources. - - - - - 941773c6 by Markus Koschany at 2023-02-24T22:22:44+01:00 Update changelog - - - - - 3 changed files: - + debian/README.Debian.security - debian/changelog - + debian/libyaml-snake-java.docs Changes: ===================================== debian/README.Debian.security ===================================== @@ -0,0 +1,5 @@ +Note that snakeyaml isn't designed to operate on YAML data coming from untrusted +sources, in such cases you need to apply sanitising/exception handling yourself. + +Please see https://bitbucket.org/snakeyaml/snakeyaml/wiki/CVE%20&%20NIST.md +for additional information. ===================================== debian/changelog ===================================== @@ -1,3 +1,11 @@ +snakeyaml (1.28-1+deb11u2) bullseye; urgency=medium + + * Team upload. + * Install README.Debian.security and explain that snakeyaml + is not designed to process YAML input from untrusted sources. + + -- Markus Koschany <[email protected]> Fri, 24 Feb 2023 22:22:25 +0100 + snakeyaml (1.28-1+deb11u1) bullseye; urgency=medium * Team upload. ===================================== debian/libyaml-snake-java.docs ===================================== @@ -0,0 +1 @@ +debian/README.Debian.security View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/bb9c104cc439e22651cb794ea35bae653085cbd8...941773c65fe886a76e49146f46f23312f721a999 -- View it on GitLab: https://salsa.debian.org/java-team/snakeyaml/-/compare/bb9c104cc439e22651cb794ea35bae653085cbd8...941773c65fe886a76e49146f46f23312f721a999 You're receiving this email because of your account on salsa.debian.org.
_______________________________________________ pkg-java-commits mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-java-commits
