LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for June 20, 2013

Pencil, Pencil, and Pencil

Dividing the Linux desktop

LWN.net Weekly Edition for June 13, 2013

A report from pgCon 2013

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Fedora alert FEDORA-2012-5035 (perl-YAML-LibYAML)



From:
    	      updates@fedoraproject.org 


To:
    	      package-announce@lists.fedoraproject.org 


Subject:
    	      [SECURITY] Fedora 16 Update: perl-YAML-LibYAML-0.38-2.fc16 


Date:
    	      Sun, 08 Apr 2012 03:30:56 +0000


Message-ID:
    	      <20120408033056.4E45120F45@bastion01.phx2.fedoraproject.org>


Archive-link:
    	      Article, Thread
              


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-5035
2012-03-31 02:14:54
--------------------------------------------------------------------------------

Name        : perl-YAML-LibYAML
Product     : Fedora 16
Version     : 0.38
Release     : 2.fc16
URL         : http://search.cpan.org/dist/YAML-LibYAML/
Summary     : Perl YAML Serialization using XS and libyaml
Description :
Kirill Siminov's "libyaml" is arguably the best YAML implementation. The C
library is written precisely to the YAML 1.1 specification. It was originally
bound to Python and was later bound to Ruby.

--------------------------------------------------------------------------------
Update Information:

This update fixes various format string vulnerabilities (CVE-2012-1152, CPAN RT#46507).

The Fedora 15 and Fedora 16 builds also include some bug-fixes from upstream:

* Fix for broken deparse test
* Fix LoadFile on empty file failure

--------------------------------------------------------------------------------
ChangeLog:

* Thu Mar 29 2012 Paul Howarth <paul@city-fan.org> - 0.38-2
- Fix various format string vulnerabilities (CVE-2012-1152, CPAN RT#46507)
- De-duplicate buildreqs, with Module>Install>Tests priority
- Install to vendor directories
- Don't need to remove empty directories from buildroot
- Don't use macros for commands
- Make %files list more explicit
- Tidy %description
* Fri Jan 13 2012 Marcela Mašláňová <mmaslano@redhat.com> - 0.38-1
- Bump to 0.38
* Fri Sep 30 2011 Petr Sabata <contyk@redhat.com> - 0.37-1
- 0.37 bump
- Remove defattr
- Correct BR
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #801738 - CVE-2012-1152 perl-YAML-LibYAML: Multiple format string flaws by reporting
errors during YAML document load
        https://bugzilla.redhat.com/show_bug.cgi?id=801738
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update perl-YAML-LibYAML' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-...
(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds