[lintian] branch master updated (55f2dfe -> 995a449)
This is an automated email from the git hooks/post-receive script.

pabs pushed a change to branch master in repository lintian.

      from  55f2dfe   spelling: Add another correction
       new  995a449   spelling: Add another correction

The 1 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference.

Summary of changes:
 data/spelling/corrections | 1 +
 1 file changed, 1 insertion(+)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
[lintian] 01/01: spelling: Add another correction
This is an automated email from the git hooks/post-receive script. pabs pushed a commit to branch master in repository lintian. commit 995a449aa5a7f5f8227aa66518ce615f80aa9040 Author: Paul Wise Date: Fri May 12 12:15:35 2017 +0800 spelling: Add another correction --- data/spelling/corrections | 1 + 1 file changed, 1 insertion(+) diff --git a/data/spelling/corrections b/data/spelling/corrections index 3a75fce..238f929 100644 --- a/data/spelling/corrections +++ b/data/spelling/corrections @@ -1297,6 +1297,7 @@ documentaion||documentation documentaiton||documentation documention||documentation documetation||documentation +documetnation||documentation documment||document documments||documents doens't||doesn't -- Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/lintian/lintian.git
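Review bot: the commit subject above the data/spelling/corrections hunk, "spelling: Add another correction", is word for word the subject of the parent commit 55f2dfe, so the two cannot be told apart in a one-line log; naming the entry in the subject, for example "spelling: Add documetnation", would fix that. The added line "documetnation||documentation" itself follows the misspelling||correction format of its neighbours and keeps the list sorted between "documetation" and "documment", so the hunk needs no change.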
Processed: Re: Bug#861958: lintian: insecure YAML validation
Processing commands for cont...@bugs.debian.org:

> clone 861958 -1
Bug #861958 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug 861958 cloned as bug 862373
> reassign -1 libyaml-libyaml-perl
Bug #862373 [lintian] lintian: insecure YAML validation [CVE-2017-8829]
Bug reassigned from package 'lintian' to 'libyaml-libyaml-perl'.
No longer marked as found in versions lintian/2.5.41.
Ignoring request to alter fixed versions of bug #862373 to the same values previously set
> retitle -1 libyaml-libyaml-perl: Unconditionally instantiates objects from yaml data
Bug #862373 [libyaml-libyaml-perl] lintian: insecure YAML validation [CVE-2017-8829]
Changed Bug title to 'libyaml-libyaml-perl: Unconditionally instantiates objects from yaml data' from 'lintian: insecure YAML validation [CVE-2017-8829]'.
> thanks
Stopping processing here.

Please contact me if you need assistance.
-- 
861958: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861958
862373: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862373
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
Bug#861958: lintian: insecure YAML validation
clone 861958 -1
reassign -1 libyaml-libyaml-perl
retitle -1 libyaml-libyaml-perl: Unconditionally instantiates objects from yaml data
thanks

Dominique Dumont wrote...

> On Saturday 6 May 2017 13:01:50 CEST you wrote:
> > This module is happy to deserialize objects of any existing Perl class. For
> > Lintian, the File::Temp::Dir class can be abused to remove arbitrary
> > directory trees. (There might be other exciting ways to exploit this bug,
> > but I'm too lazy to investigate further.)
>
> I wonder if this behavior should be considered as a YAML bug...

At least I consider the unconditional instantiation of objects a bug, hence cloning.

As previously mentioned in debian-perl@, there is no easy solution, assuming some code out there intentionally uses that feature, and in a safe manner.

If we choose to ignore that, at least for the time being, we can disable the blessing entirely by dropping the three sv_bless invocations in . This makes the attached reproducer pass.

Before releasing that change however, there should be an audit of all the roughly 40 packages in Debian that use YAML::XS to avoid unintended breakage. In the worst case, that simple approach isn't feasible and the instantiation needs to be made configurable - something that requires coordination with upstream[1] and/or other distributions.

We should discuss this during the sprint.

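    Christoph

[1] But see https://github.com/perl11/cperl/issues/198

#!/usr/bin/perl

use 5.010;
use strict;
use warnings;

use File::Temp qw(tempdir);
use YAML::XS qw(LoadFile);

# Scratch directory owned by the parent; this is what the YAML will target.
# File::Temp requires the template to end in at least four 'X' characters.
my $temp_dir = tempdir (
    "yaml-xs-demo.$$.XXXXXX",
    'TMPDIR' => 1,
    'CLEANUP' => 1,
);
my $temp_file = "$temp_dir/story.yaml";

my $pid = fork // die ("Cannot fork: $!");
if ($pid == 0) {
    # Child: write a document tagged as File::Temp::Dir, then load it.
    # $$ in the here-document is the child's pid, so LAUNCHPID matches the
    # process in which the loaded object is destroyed.
    my $fh;
    open ($fh, '>', $temp_file) or die $!;
    print $fh <<__EOS__;
- !File::Temp::Dir
  CLEANUP: 1
  LAUNCHPID: $$
  REALNAME: $temp_dir
__EOS__
    close ($fh);
    my $data = LoadFile ($temp_file);
    exit 0;
}
wait;

# Parent: the directory must survive the child's LoadFile call.
if (-d $temp_dir) {
    print "I: Pass, temp dir is still present\n";
}
else {
    print "F: FAIL, temp dir was purged\n";
}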
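
The "make instantiation configurable" option discussed above, seen from the caller's side, as an added example that is not code from this thread or from YAML::XS. It assumes an installed YAML::XS that honours the $YAML::XS::LoadBlessed switch (not mentioned in the thread); load_plain and blessed_classes are hypothetical helper names.

```perl
#!/usr/bin/perl
# Added example (not from the thread): load YAML as plain data only.
use strict;
use warnings;
use File::Temp qw(tempdir);
use Scalar::Util qw(blessed reftype refaddr);
use YAML::XS qw(Load);

# Class names of every blessed reference reachable from $node.
# $seen guards against cycles created by YAML aliases.
sub blessed_classes {
    my ($node, $seen) = @_;
    $seen //= {};
    return () unless ref $node;
    return () if $seen->{ refaddr($node) }++;
    my @found = blessed($node) ? (blessed($node)) : ();
    my $type  = reftype($node) // '';
    push @found, map { blessed_classes($_, $seen) } values %$node if $type eq 'HASH';
    push @found, map { blessed_classes($_, $seen) } @$node        if $type eq 'ARRAY';
    return @found;
}

# Hypothetical helper: load with blessing switched off, then verify.
sub load_plain {
    my ($yaml) = @_;
    # Assumption: the installed YAML::XS honours this switch.
    local $YAML::XS::LoadBlessed = 0;
    my $data    = Load($yaml);
    my @classes = blessed_classes($data);
    # Detection only: if this fires, the objects already exist and their
    # destructors will run, so treat it as "this YAML::XS is not safe here".
    die "YAML instantiated objects: @classes\n" if @classes;
    return $data;
}

my $dir = tempdir('yaml-plain-demo.XXXXXX', TMPDIR => 1, CLEANUP => 1);
# Constructed input with the same shape as the reproducer's document.
my $yaml = <<"__EOS__";
- !File::Temp::Dir
  CLEANUP: 1
  LAUNCHPID: $$
  REALNAME: $dir
__EOS__
{
    my $data = load_plain($yaml);
    print "first element loaded as: ", ref($data->[0]), "\n";
}   # $data is freed here; nothing was blessed, so no DESTROY runs
print((-d $dir) ? "I: Pass, temp dir is still present\n"
                : "F: FAIL, temp dir was purged\n");
```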