Bug 30234 - yaml-cpp new security issues CVE-2018-20573 CVE-2018-20574 CVE-2019-6285 CVE-2019-6292
Status: RESOLVED INVALID
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: Cauldron
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: All Packagers
QA Contact: Sec team
URL:
Whiteboard: MGA8TOO
Keywords:
Depends on:
Blocks:
 
Reported: 2022-04-01 20:54 CEST by David Walser
Modified: 2022-04-04 14:38 CEST

See Also:
Source RPM: yaml-cpp-0.6.3-3.mga9.src.rpm
CVE:
Status comment: Patches available from openSUSE



Description David Walser 2022-04-01 20:54:48 CEST
openSUSE has issued an advisory today (April 1):
https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/U5JRSH3JEFDRI2LLKIUVXRRMZJAO5ZPH/

Mageia 8 is also affected.
David Walser 2022-04-01 20:55:07 CEST

Status comment: (none) => Patches available from openSUSE
Whiteboard: (none) => MGA8TOO

Comment 1 Lewis Smith 2022-04-03 09:12:35 CEST
No activity on this for years, so assigning this update globally.

Assignee: bugsquad => pkg-bugs

Comment 2 Nicolas Salguero 2022-04-04 09:32:36 CEST
Hi,

The code from the patch provided by openSUSE, which solves the four issues, is already in version 0.6.3.  Debian also confirms version 0.6.3 fixed those CVEs.

Best regards,

Nico.

CC: (none) => nicolas.salguero

Comment 3 David Walser 2022-04-04 14:38:43 CEST
Thanks.

Status: NEW => RESOLVED
Resolution: (none) => INVALID

