Bug 30234

Summary: yaml-cpp new security issues CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292
Product: Mageia
Reporter: David Walser <luigiwalser>
Component: Security
Assignee: All Packagers <pkg-bugs>
Status: RESOLVED INVALID
QA Contact: Sec team <security>
Severity: normal
Priority: Normal
CC: nicolas.salguero
Version: Cauldron
Target Milestone: ---
Hardware: All
OS: Linux
Whiteboard: MGA8TOO
Source RPM: yaml-cpp-0.6.3-3.mga9.src.rpm
CVE:
Status comment: Patches available from openSUSE

Description David Walser 2022-04-01 20:54:48 CEST
openSUSE has issued an advisory today (April 1):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5JRSH3JEFDRI2LLKIUVXRRMZJAO5ZPH/

Mageia 8 is also affected.
David Walser 2022-04-01 20:55:07 CEST

Status comment: (none) => Patches available from openSUSE
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-04-03 09:12:35 CEST
No activity on this for years, so assigning this update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2022-04-04 09:32:36 CEST
Hi,

The code from the patch provided by openSUSE, which solves the four issues, is already in version 0.6.3.  Debian also confirms version 0.6.3 fixed those CVEs.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 3 David Walser 2022-04-04 14:38:43 CEST
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => INVALID