Package: pyyaml
Severity: grave
Tags: security
Hi,
CVE-2014-9130 from libyaml also affects pyyaml. I'm attaching a short
reproducer.
Cheers,
Moritz

import yaml
import codecs

with codecs.open('CVE-2014-9130.yaml', 'r') as stream:
    foo = yaml.load(stream)
    for key, value in foo.items():
        setattr(self, key, value)

abc:
def: 'xxx
' ghi: 'yyy'