Your message dated Sat, 07 Mar 2020 03:34:14 +0000
with message-id <[email protected]>
and subject line Bug#953013: fixed in pyyaml 5.3-2
has caused the Debian Bug report #953013,
regarding pyyaml: CVE-2020-1747: arbitrary command execution through 
python/object/new when FullLoader is used
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
953013: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953013
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: pyyaml
Version: 5.3-1
Severity: important
Tags: security upstream
Forwarded: https://github.com/yaml/pyyaml/pull/386

Hi,

The following vulnerability was published for pyyaml.

CVE-2020-1747[0]:
|arbitrary command execution through python/object/new when FullLoader
|is used

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2020-1747
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1747
[1] https://github.com/yaml/pyyaml/pull/386

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: pyyaml
Source-Version: 5.3-2
Done: Scott Kitterman <[email protected]>

We believe that the bug you reported is fixed in the latest version of
pyyaml, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Scott Kitterman <[email protected]> (supplier of updated pyyaml package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Fri, 06 Mar 2020 21:56:58 -0500
Source: pyyaml
Architecture: source
Version: 5.3-2
Distribution: unstable
Urgency: high
Maintainer: Debian Python Modules Team <[email protected]>
Changed-By: Scott Kitterman <[email protected]>
Closes: 948492 953013
Changes:
 pyyaml (5.3-2) unstable; urgency=high
 .
   [ Emmanuel Arias ]
   * Call python2 instead of python in autopkgtest. (Closes: #948492)
   * d/control: python-yaml-dbg depends on python2-dbg instead of python-dbg.
     - Patch by Matthias Klose.
 .
   [ Debian Janitor ]
   * Bump debhelper from old 11 to 12.
   * Set upstream metadata fields: Bug-Database, Bug-Submit, Name,
     Repository, Repository-Browse.
 .
   [ Scott Kitterman ]
   * Add d/p/CVE-2020-1747.patch due to command injection vulnerability
     (Closes: #953013)
     - Resolves CVE-2020-1747: arbitrary command execution through python/
       object/new when FullLoader is used
   * Bump standards-version to 4.5.0 without further change


--- End Message ---