Bug#902878: pyyaml: CVE-2017-18342: still not completely fixed

2019-08-04 Thread Scott Kitterman
On Thu, 11 Jul 2019 10:16:48 +0300 mer...@debian.org wrote:
> Hello,
>
> According to [1] the unsafe loader yaml.UnsafeLoader is still
> vulnerable, and could be used upon request. While strictly speaking the
> vulnerability is fixed by using safe reader by default, I assume
> complete safety can

Bug#902878: pyyaml: CVE-2017-18342: still not completely fixed

2019-07-11 Thread merkys
Hello,

According to [1] the unsafe loader yaml.UnsafeLoader is still vulnerable, and could be used upon request. While strictly speaking the vulnerability is fixed by using safe reader by default, I assume complete safety can only be achieved by disabling the yaml.UnsafeLoader.

Best,
Andrius

[1]

Bug#902878: pyyaml: CVE-2017-18342

2018-07-02 Thread Salvatore Bonaccorso
Source: pyyaml
Version: 3.12-1
Severity: normal
Tags: security upstream
Forwarded: https://github.com/yaml/pyyaml/pull/74

Hi,

The following vulnerability was published for pyyaml. Please see the notes in the security tracker to see why this got a CVE assigned now. The bug is filed to track the "