regression in CVE-2013-6393 patch
Bug #1279805 reported by
Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libyaml (Debian) |
Fix Released
|
Unknown
|
|||
libyaml (Ubuntu) |
Fix Released
|
Critical
|
Marc Deslauriers | ||
Precise |
Fix Released
|
Critical
|
Marc Deslauriers | ||
Quantal |
Fix Released
|
Critical
|
Marc Deslauriers | ||
Saucy |
Fix Released
|
Critical
|
Marc Deslauriers |
Bug Description
A regression has been reported in the patch used to fix CVE-2013-6393 in USN-2098-1:
https:/
https:/
Upstream has used slightly different fixes in 0.1.5.
Changed in libyaml (Ubuntu Precise): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libyaml (Ubuntu Saucy): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libyaml (Ubuntu Quantal): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libyaml (Ubuntu Trusty): | |
assignee: | nobody → Marc Deslauriers (mdeslaur) |
Changed in libyaml (Debian): | |
status: | Unknown → Fix Committed |
Changed in libyaml (Debian): | |
status: | Fix Committed → Fix Released |
To post a comment you must log in.
This bug was fixed in the package libyaml - 0.1.4-2ubuntu0. 13.10.2
--------------- 2ubuntu0. 13.10.2) saucy-security; urgency=medium
libyaml (0.1.4-
* SECURITY REGRESSION: parsing regression in security update patches/ CVE-2013- 6393.patch: updated to use upstream commits
(LP: #1279805)
- debian/
from 0.1.5.
-- Marc Deslauriers <email address hidden> Thu, 13 Feb 2014 08:32:45 -0500