Source: yaml-cpp Version: 0.6.2-4 Severity: important Tags: security upstream Forwarded: https://github.com/jbeder/yaml-cpp/issues/660
Hi, The following vulnerability was published for yaml-cpp. CVE-2019-6285[0]: | The SingleDocParser::HandleFlowSequence function in yaml-cpp (aka | LibYaml-C++) 0.6.2 allows remote attackers to cause a denial of service | (stack consumption and application crash) via a crafted YAML file. the issue looks similar to CVE-2019-6292 but does not seem to be a duplicate. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-6285 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6285 [1] https://github.com/jbeder/yaml-cpp/issues/660 Please adjust the affected versions in the BTS as needed. Regards, Salvatore